Certificate renewal fails: urn:ietf:params:acme:error:caa 403

DNSViz is reporting all domains as being okay today, as VeriSign were doing last night, but LE cert rotation still fails with the same error. But then...

In Plesk, deselect all cert options except the unqualified principal domain name, i.e. the CN. No www name. No wildcard. No additional domains, just the one single unqualified name. Run the update and it works. But it doesn't end there. Look at what was issued...

Of course this leaves the issue unresolved. Just what is going on and why these failures? I'll have to ask Plesk why I get a 'full set' renewal having selected only the single unqualified name, but the fact the cert was issued says DNS must be okay.