Could not issue an SSL/TLS certificate for domain.com Details Could not issue a Let's Encrypt SSL/TLS certificate for domain.com. Authorization for the domain failed

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

  • My domain is: visyon-hub.com

  • I ran this command: upgrade certificate (from plesk) selecting all checks:

Let’s Encrypt is a certificate authority (CA) that allows you to create a free SSL/TLS certificate for your domain. By proceeding you acknowledge that you have read and agree to the Let’s Encrypt Terms of Service. Note: The certificate will be automatically renewed 30 days in advance before its expiration.

:white_check_mark:Email address: sysadmin@visyon-hub.com

Make sure to use a valid email address to receive important notifications and warnings.

:white_check_mark:Secure the wildcard domain (including www and webmail)

*.visyon-hub.com

:white_check_mark:Include a “www” subdomain for the domain and each selected alias

www.visyon-hub.com

:white_check_mark:Secure webmail on this domain

webmail.visyon-hub.com

:white_check_mark:Assign the certificate to mail domain

IMAP, POP, SMTP on visyon-hub.com

Get it free

  • It produced this output:

Could not issue an SSL/TLS certificate for visyon-hub.com Details Could not issue a Let’s Encrypt SSL/TLS certificate for visyon-hub.com. Authorization for the domain failed.

  • My web server is (include version):

Plesk Obsidian Web Pro Edition

Version 18.0.29 Update #2

  • The operating system my web server runs on is (include version):

CentOS Linux 7

  • I can login to a root shell on my machine:

Yes

  • I’m using a control panel to manage my site (no, or provide the name and version of the controlpanel):

Plesk

  • The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Let’s Encrypt Version 2.11.1-640 plesk extension

  • Extra: This file contains /usr/local/psa/var/modules/letsencrypt/orders/74a8c674d41b28f7d043f2d2f17b1cdb58e039cd.json

{“status”:“pending”,“location”:“https://acme-v02.api.letsencrypt.org/acme/order/94759992/4859289480",“subjects”:[" visyon-hub.com”,"*.visyon-hub.com"],“confirmationType”:“manual”,“challenges”:[{“location”:"

https://acme-v02.api.letsencrypt.org/acme/chall-v3/6745295682/8OXQcA",“isPerformed”:true,“isConfirmed”:true,“performedParams”:{“solver”:“PleskExt\Letsencrypt\ChallengeSolver\DomainHttpSolver”,"performed

Date":“2020-08-25T16:36:35+00:00”}},{“location”:"https://acme-v02.api.letsencrypt.org/acme/chall-v3/6767979477/ponDlA",“isPerformed”:true,“isConfirmed”:false,“performedParams”:{“solver”:"PleskExt\Letsencr

ypt\ChallengeSolver\DomainLocalDnsSolver",“performedDate”:“2020-08-25T16:36:37+00:00”,“isSuccessfully”:true,“type”:“TXT”,“host”:"_acme-challenge",“value”:“wTOMS3ur2oaM0SEaXdsaPKDIKo7TJLnXFUWyB8i5heg”}}]}[root@

2

I have to ask:
Is your domain really “domain.com” ?

3

Of course no, is really needed? If it’s a problem can rewrite the description.

Now there are a real data.

Thanks in advance for your interest.

4

I guess you didn't read.

5

Hi @6sisyon

you want to create a wildcard. So dns validation is required.

And you have selected manual. So do your job and create the required TXT entry.

PS: Checks of your domain, ~~30 minutes old - visyon-hub.com - Make your website better - DNS, redirects, mixed content, certificates

There is no TXT entry.

6

  • Please wait while Plesk finishes adding a DNS record with the following parameters:
    Record type: TXT
    Domain name: _acme-challenge.visyon-hub.com
    Record: wTOMS3ur2oaM0SEaXdsaPKDIKo7TJLnXFUWyB8i5heg
    To terminate and delete the existing certificate request, click “Cancel”.
    Before clicking “Reload”, make sure that the DNS record was added and can be resolved externally.

  • In my dns settings i have the required TXT entry (Plesk & Godaddy):
    _acme-challenge.visyon-hub.com.](https://plesk.visyonapps.com:8443/smb/dns-zone/edit-record/id/43/type/domain/recordId/3053) TXT wTOMS3ur2oaM0SEaXdsaPKDIKo7TJLnXFUWyB8i5heg

But doesn’t work…

7

You don't. Or better: You have used the not relevant place.

There

D:\temp>nslookup -type=TXT _acme-challenge.visyon-hub.com. 97.74.100.31
Server: UnKnown
Address: 97.74.100.31

visyon-hub.com
primary name server = ns59.domaincontrol.com
responsible mail addr = dns.jomax.net
serial = 2020082502
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 600 (10 mins)

is nothing. ns59.domaincontrol.com / 97.74.100.31 is one of your name servers, not that local Plesk.

You must add the entry in your GoDaddy menu.

PS: And "check-your-website" must see the entry / listed in the TXT part.

1 Like
8

  • I have the entry: A ns59.domaincontrol.com 97.74.100.31 in my godaddy menu.

  • And i still reciving the same error:

Could not issue an SSL/TLS certificate for visyon-hub.com
Details

Could not issue a Let’s Encrypt SSL/TLS certificate for visyon-hub.com . Authorization for the domain failed.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/6783585900.

Details:

Type: urn:ietf:params:acme:error:unauthorized

Status: 403

Detail: No TXT record found at _acme-challenge.visyon-hub.com

  • I don’t know where the fail is…
9

There is again no TXT RR. So it can't work.

Doing the same error again is a little bit curious.

10

The orders says:

{“status”:“invalid”,“location”:“https://acme-v02.api.letsencrypt.org/acme/order/94759992/4871229461",“subjects”:[“visyon-hub.com”,"*.visyon-hub.com"],“confirmationType”:“manual”,“challenges”:[{“location”:"
https://acme-v02.api.letsencrypt.org/acme/chall-v3/6745295682/8OXQcA",“isPerformed”:true,“isConfirmed”:true,“performedParams”:{“solver”:“PleskExt\Letsencrypt\ChallengeSolver\DomainHttpSolver”,"performed
Date”:“2020-08-26T10:37:12+00:00”}},{“location”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/6783939650/WJdm4g",“isPerformed”:true,“isConfirmed”:true,“performedParams”:{“solver”:"PleskExt\Letsencry
pt\ChallengeSolver\DomainLocalDnsSolver”,“performedDate”:“2020-08-26T10:37:15+00:00”,“isSuccessfully”:true,“type”:“TXT”,“host”:"_acme-challenge",“value”:“g0LNIaH8addtrSNotqnBuncHkmyIoWeP3fcd5EVGvK4”}}]}[root@i

11

Says not:

https://acme-v02.api.letsencrypt.org/acme/chall-v3/6783939650/WJdm4g

type “dns-01”
status “invalid”
error
type “urn:ietf:params:acme:error:unauthorized”
detail “No TXT record found at _acme-challenge.visyon-hub.com”
status 403
url https://acme-v02.api.letsencrypt.org/acme/chall-v3/6783939650/WJdm4g
token “sRc5NiM_DG8m-QwFFIAIi_-YDRh09ROVs_4POX8_RvU”

Same checking your order:

https://acme-v02.api.letsencrypt.org/acme/order/94759992/4871229461

PS: The token is not the required TXT entry.

12

What could be failing? in godaddy I have these registries:

|A|@|54.225.75.68|600
|A|*|54.225.75.68
|A|ipv4.visyon-hub.com|54.225.75.68
|A|mail.visyon-hub.com|54.225.75.68
|A|ns1.visyon-hub.com|54.225.75.68
|A|ns2.visyon-hub.com|54.225.75.68
|A|webmail|54.225.75.68
|A|webmail.visyon-hub.com|54.225.75.68
|CNAME|www|@
|CNAME|_domainconnect|_domainconnect.gd.domaincontrol.com
|NS|@|ns59.domaincontrol.com
|NS|@|ns60.domaincontrol.com
|NS|visyon-hub.com|ns1.visyon-hub.com
|NS|visyon-hub.com|ns2.visyon-hub.com
|SOA|@|Main Server: ns59.domaincontrol.com.
|TXT|_acme-challenge.visyon-hub.com|K0PTtr9Lugm7uXWT5NKFZj_zmYLPn1Tfuo_EuToNAzQ
|A|ns59.domaincontrol.com|97.74.100.31

13

Not really. Completely wrong.

Why do you think such a configuration should work?

That's a delegation from visyon-hub.com.visyon-hub.com to ns1.visyon-hub.com, but these don't answer.

So the real definition _acme-challenge.visyon-hub.com.visyon-hub.com with a duplicated domain name (because the menu adds the domain name) goes to that not existing name server.

Please read

Then it will work. Not earlier.

14

Hi JuergenAuer,

I have checked my "website", my DNS settings in plesk are:

Host Record type Value
_domainkey.visyon-hub.com. TXT o=-
_domainconnect.visyon-hub.com. TXT domainconnect.plesk.com/host/plesk.visyonapps.com/port/8443
_dmarc.visyon-hub.com. TXT v=DMARC1; p=none
_acme-challenge.visyon-hub.com. TXT K0PTtr9Lugm7uXWT5NKFZj_zmYLPn1Tfuo_EuToNAzQ
www.visyon-hub.com. CNAME visyon-hub.com.
webmail.visyon-hub.com. A 54.225.75.68
visyon-hub.com. TXT v=spf1 +a +mx +a:plesk.visyonapps.com -all
visyon-hub.com. NS ns1.visyon-hub.com.
visyon-hub.com. MX (10) mail.visyon-hub.com.
visyon-hub.com. A 54.225.75.68
visyon-hub.com. NS ns2.visyon-hub.com.
ns2.visyon-hub.com. A 54.225.75.68
ns1.visyon-hub.com. A 54.225.75.68
mail.visyon-hub.com. A 54.225.75.68
ipv4.visyon-hub.com. A 54.225.75.68
ftp.visyon-hub.com. CNAME visyon-hub.com.
default._domainkey.visyon-hub.com. TXT v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEmPpzJDsJmQfggbHqGeers2HCa2IbJsgBfywnPwI6j8NP9XWFwv225/ikEVNgA+8/hoC90QBN5FJYlJ0ycbrqbQDvQmdm0Z3dz7DT88yxH5tAmfO+UCISrcIeZJbxyU/iI0txSFwyLzhVwkL5p+1puaEj7FmnYu4rNa2kpa6lwQIDAQAB;

But the problem still persist, any new idea?

15

You are doing the wrong things again and again. And you don't read my 6 days old answer.

Your Plesk is unrelevant.

16

I have read your answer again and again. I have the entry in goddady: ns59.domaincontrol.com / 97.74.100.31

What should i read exactly?

17

These entries:

don't match these entries:

visyon-hub.com  nameserver = ns59.domaincontrol.com
visyon-hub.com  nameserver = ns60.domaincontrol.com

You should remove them.

18

That entry is "broken"

19

That entry should not need the "default." beginning.
Delete it and replace it with the proper name.

20

Those are NOT your name servers.
Delete them.