• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Issue Plesk 18.0.70 and Could not issue/renew Let's Encrypt certificates

kristobal1969

New Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.70 Update #2
Hello,
Since the upgrade to plesk 18.0.70 (with Update #2), I have messages from plesk on all my domains everyday though the renew is not for now but for july or august and even with domains whose ssl has been renewed yesterday (24 june 2025)
here is a message :
Plesk
Could not secure domains of Guillot FGA (login ****) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

** 'fgamenagement.fr' **
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2019333767/541581285921
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up A for mail.fgamenagement.fr - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.fgamenagement.fr - check that a DNS record exists for this domain

The following domains have been secured without some of their Subject Alternative Names:

<none>

Could not renew Let`s Encrypt certificates for Guillot FGA (login ****). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let`s Encrypt certificates has failed:

<none>

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:

<none>


Legend:
[+] This domain is secure. The domain's SSL/TLS certificate from Let`s Encrypt has been issued/renewed.
[-] This domain is not secure. Either the domain's SSL/TLS certificate from Let`s Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain.​

Do you knwo what is wrong ?
Regards
Kris
 
I do not think it is the problem because the information is already in the DNS and it worked well before upgrading to Plesk 18.0.70.

Since I reissued the certificate with "Secure the wildcard domain (including www and webmail)" I have no more messages. May be the certificate just needed to be manually reinstalled in order to work properly. May be the wildcard has no implication but as it is more complex to install, I guess it is safer anyway.

I hope my experience will help people that have the same problem. I find it strange that not anybody has posted this issue here.
 
I do not think it is the problem because the information is already in the DNS and it worked well before upgrading to Plesk 18.0.70.

Since I reissued the certificate with "Secure the wildcard domain (including www and webmail)" I have no more messages. May be the certificate just needed to be manually reinstalled in order to work properly. May be the wildcard has no implication but as it is more complex to install, I guess it is safer anyway.

I hope my experience will help people that have the same problem. I find it strange that not anybody has posted this issue here.

We have the same Issue here, you are not alone.
 
What is the message exactly ?
As I wrote, reissuing the certificate (with wildcard at least and of course installing the information for let's encrypt in the external DNS and waiting for propagation before validating the certificate in Plesk) worked for me for all my domains. It can be something similar to this :

_acme-challenge.azcommunication.fr.
500 TXT "O7niuzwo4zerA0is9bO7C4guiNqrk4a-hYg2Kimj4tk"
 
What is the message exactly ?
As I wrote, reissuing the certificate (with wildcard at least and of course installing the information for let's encrypt in the external DNS and waiting for propagation before validating the certificate in Plesk) worked for me for all my domains. It can be something similar to this :

_acme-challenge.azcommunication.fr.
500TXT"O7niuzwo4zerA0is9bO7C4guiNqrk4a-hYg2Kimj4tk"

ould not secure domains of Max Mustermann (login example) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

<none>

The following domains have been secured without some of their Subject Alternative Names:

<none>

Could not renew Let`s Encrypt certificates for Max Mustermann (login example). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let`s Encrypt certificates has failed:

** 'Lets Encrypt example.xyz' [days to expire: 16] **
[-] *.example.xyz
[-] example.xyz

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/XXXX/YYYY
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "5iLXXXXXXXXXXXXXXXXXXXXXXXXX" found at _acme-challenge.example.xyz

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:

<none>


Legend:
[+] This domain is secure. The domain's SSL/TLS certificate from Let`s Encrypt has been issued/renewed.
[-] This domain is not secure. Either the domain's SSL/TLS certificate from Let`s Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain


In the past this worked fine.
The DNS record shows, that is the key from the last successful renew.
 
Back
Top