Could not issue a Let's Encrypt SSL/TLS certificate. Authorization for the domain failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: From Plesk Obsydian latest, did the Let’s Encrypt GUI button (no command)

It produced this output:

Invalid response from


Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain


My web server is (include version): Latest Apache

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk latest Obsydian

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no/don’t know

My knowledge of this is poor, so please pardon my ignorance.

My Wordpress website on Plesk works fine, so I know that the basic A record/DNS is good. The problem is when I try to assign the SSL certificate and I keep getting this error, and I have absolutely no idea what to look for or what to do. Any help is deeply appreciated.

1 Like


I think you are trying to request a wildcard certificate right?
Your domain is hosted on DigitalOcean’s DNS, which probably are not synced with Plesk (my guess).
From my experience, You can only request Let’s Encrypt wildcard certificate if your DNS is pointed to your Plesk’s designated nameservers. If (like your case) that didn’t work, you can’t obtain any Let’s Encrypt certificate that requiring DNS validation.

A short solution: Try to only request a simple, non-wildcard certificate.

Thank you

1 Like

Hi Steven,

Thank you very much! The simple solution worked. The Plesk is on a DigitalOcean Droplet, so it should all be the same (it’s not hosted on a Plesk server) I think. What do I need to do for wild carded security? Buy a separate certificate?

1 Like

I think Let’s Encrypt plugin might have a way to ask you manually input TXT records, that’s not convinent but it’s working?

If that doesn’t work, you might want to submit a ticket to Plesk and ask their support, as i have no clue how their Let’s Encrypt intergration works now. (I stopped self-host most of my services and moved to siteground)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.