Issue Plesk 18.0.70 and Could not issue/renew Let's Encrypt certificates

[kristobal1969]

Server operating system version

Ubuntu 22.04.5 LTS

Plesk version and microupdate number

Plesk Obsidian 18.0.70 Update #2

Hello,
Since the upgrade to plesk 18.0.70 (with Update #2), I have messages from plesk on all my domains everyday though the renew is not for now but for july or august and even with domains whose ssl has been renewed yesterday (24 june 2025)
here is a message :

​

Could not secure domains of Guillot FGA (login ****) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually. Securing of the following domains has failed: ** 'fgamenagement.fr' ** Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2019333767/541581285921 Details: Type: urn:ietfarams:acme:error:dns Status: 400 Detail: DNS problem: NXDOMAIN looking up A for mail.fgamenagement.fr - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.fgamenagement.fr - check that a DNS record exists for this domain The following domains have been secured without some of their Subject Alternative Names: <none> Could not renew Let`s Encrypt certificates for Guillot FGA (login ****). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Let`s Encrypt certificates has failed: <none> The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names: <none> Legend: [+] This domain is secure. The domain's SSL/TLS certificate from Let`s Encrypt has been issued/renewed. [-] This domain is not secure. Either the domain's SSL/TLS certificate from Let`s Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain.​

Do you knwo what is wrong ?
Regards
Kris

 

[afuego]

You need to add A record for mail.fgamenagement.fr pointed to your server IP address

 

[kristobal1969]

I do not think it is the problem because the information is already in the DNS and it worked well before upgrading to Plesk 18.0.70.

Since I reissued the certificate with "Secure the wildcard domain (including www and webmail)" I have no more messages. May be the certificate just needed to be manually reinstalled in order to work properly. May be the wildcard has no implication but as it is more complex to install, I guess it is safer anyway.

I hope my experience will help people that have the same problem. I find it strange that not anybody has posted this issue here.

 

[Adrian_13]

I do not think it is the problem because the information is already in the DNS and it worked well before upgrading to Plesk 18.0.70.

Since I reissued the certificate with "Secure the wildcard domain (including www and webmail)" I have no more messages. May be the certificate just needed to be manually reinstalled in order to work properly. May be the wildcard has no implication but as it is more complex to install, I guess it is safer anyway.

I hope my experience will help people that have the same problem. I find it strange that not anybody has posted this issue here.

We have the same Issue here, you are not alone.

 

[Adrian_13]

We have the same Issue here, you are not alone.

Not exactly the same but very similar.
The TXT Record for auth not updated in DNS by plesk, so the renew fails.

 

[kristobal1969]

What is the message exactly ?
As I wrote, reissuing the certificate (with wildcard at least and of course installing the information for let's encrypt in the external DNS and waiting for propagation before validating the certificate in Plesk) worked for me for all my domains. It can be something similar to this :

_acme-challenge.azcommunication.fr.

500

TXT

"O7niuzwo4zerA0is9bO7C4guiNqrk4a-hYg2Kimj4tk"

 

[Adrian_13]

What is the message exactly ?
As I wrote, reissuing the certificate (with wildcard at least and of course installing the information for let's encrypt in the external DNS and waiting for propagation before validating the certificate in Plesk) worked for me for all my domains. It can be something similar to this :

_acme-challenge.azcommunication.fr.

500

TXT

"O7niuzwo4zerA0is9bO7C4guiNqrk4a-hYg2Kimj4tk"

ould not secure domains of Max Mustermann (login example) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

<none>

The following domains have been secured without some of their Subject Alternative Names:

<none>

Could not renew Let`s Encrypt certificates for Max Mustermann (login example). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let`s Encrypt certificates has failed:

** 'Lets Encrypt example.xyz' [days to expire: 16] **
[-] *.example.xyz
[-] example.xyz

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/XXXX/YYYY
Details:
Type: urn:ietfarams:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "5iLXXXXXXXXXXXXXXXXXXXXXXXXX" found at _acme-challenge.example.xyz

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:

<none>


Legend:
[+] This domain is secure. The domain's SSL/TLS certificate from Let`s Encrypt has been issued/renewed.
[-] This domain is not secure. Either the domain's SSL/TLS certificate from Let`s Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain


In the past this worked fine.
The DNS record shows, that is the key from the last successful renew.

 

[kristobal1969]

Have you installed the new generated txt record in your external DNS ? Not the ones in Plesk but the one at your registrar ?

 

[Adrian_13]

Have you installed the new generated txt record in your external DNS ? Not the ones in Plesk but the one at your registrar ?

The DNS-Zone is managed by Plesk, so Plesk is the only place where I can change this record.