My web server is (include version): DV w/SSDs (CentOS 7)
The operating system my web server runs on is (include version): CentOS Linux 7.5.1804 (Core)
My hosting provider, if applicable, is: MediaTemple
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx 17.5.3
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Sorry, not sure what this means.
The certificate will not renew either automatically or manually. I believe the problem is DNS related but I’m a little out of my league here so I’m not absolutely certain.
This is the error message I get when attempting a manual upgrade: Your domain in Plesk is hosted on the IP address(es): 220.127.116.11 , but the DNS challenge used another IP: 18.104.22.168 . Make sure that the IP address(es) specified in the domain’s DNS zone match the IP address(es) the domain is hosted on.
As you can probably tell by the error message we are hosting the site at one IP and the DNS contains another different IP (for mail, etc.). The client has established a www A record to point to our server’s IP in order to allow the site to display at their domain, but all other A records point to a different IP address. Is it possible to correct this problem by adding an additional A record, and, if so, what should that record be? And if not, what can I do to remedy this?
Any help would be greatly appreciated. Thanks in advance, Tom
You could set up an HTTP redirect on the daggerlaw.com server to redirect everything under http://daggerlaw.com/.well-known/acme-challenge/ to the corresponding location under http://www.daggerlaw.com/.well-known/acme-challenge/. In this case Plesk would be technically capable of passing the challenges, although I’m not sure whether it would automatically detect that it was capable of doing so.
Alternatively, you could tell the www.daggerlaw.com machine that it is not responsible for web requests to daggerlaw.com. Then if you want a certificate to work for https://daggerlaw.com/, you would need to obtain that certificate directly on the daggerlaw.com server.
I finally connected with the client’s IT tech. He found that the DNS setup was causing the trouble. He added an A record and we were able to manually renew the certificate. I expect that it will auto renew when the time comes—fingers crossed.
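The mismatch discussed in this thread can be checked before a renewal attempt. The following is an added example, not code from any poster or from Plesk: it compares the A records of every name on a certificate with the IPs the site is hosted on. The function names, status labels and the `example.test` records are constructed for illustration, and only IPv4 A records are examined.

```python
import ipaddress
import socket


def resolve_a(hostname):
    """Return the IPv4 addresses the system resolver reports for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_names(names, hosted_ips, resolver=resolve_a):
    """Classify each certificate name by where its A records point.

    ok          every A record is one of the hosting IPs
    split       some records point here, some elsewhere (validation is unreliable)
    elsewhere   no record points here (an HTTP challenge lands on another server)
    no-a-record the name does not resolve at all
    """
    hosted = {str(ipaddress.ip_address(ip)) for ip in hosted_ips}
    report = {}
    for name in names:
        found = set(resolver(name))
        if not found:
            status = "no-a-record"
        elif found <= hosted:
            status = "ok"
        elif found & hosted:
            status = "split"
        else:
            status = "elsewhere"
        report[name] = (status, sorted(found))
    return report


def blocking_names(report):
    """Names that need a DNS change or a redirect before renewal can pass."""
    return sorted(name for name, (status, _) in report.items() if status != "ok")


# Constructed zone: www points at the web host, the bare domain at another server.
SAMPLE_DNS = {"www.example.test": {"203.0.113.10"}, "example.test": {"198.51.100.20"}}


def sample_resolver(hostname):
    return SAMPLE_DNS.get(hostname, set())


if __name__ == "__main__":
    names = ["example.test", "www.example.test"]
    print(check_names(names, ["203.0.113.10"], resolver=sample_resolver))
```

Calling `check_names` without the `resolver` argument queries live DNS through the system resolver.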