Could not issue an SSL/TLS certificate for domain.com Details Could not issue a Let's Encrypt SSL/TLS certificate for domain.com. Authorization for the domain failed

6sisyon · August 31, 2020, 1:14pm

rg305:

6sisyon:

|visyon-hub.com.|NS|ns1.visyon-hub.com.|

||visyon-hub.com.|NS|ns2.visyon-hub.com.|

don’t match these entries:
visyon-hub.com  nameserver = ns59.domaincontrol.com
visyon-hub.com  nameserver = ns60.domaincontrol.com
You should remove them.

At these moments i have this entries in my goddady:

|A|@|54.225.75.68|
|A|*|54.225.75.68|
|A|ipv4.visyon-hub.com|54.225.75.68|
|A|mail.visyon-hub.com|54.225.75.68|
|A|ns59.domaincontrol.com|54.225.75.68|
|A|webmail|54.225.75.68|
|A|webmail.visyon-hub.com|54.225.75.68|
|CNAME|www|@|
|CNAME|_domainconnect|_domainconnect.gd.domaincontrol.com|
|NS|@|ns59.domaincontrol.com|
|NS|@|ns60.domaincontrol.com|
|NS|visyon-hub.com|ns1.visyon-hub.com|
|NS|visyon-hub.com|ns2.visyon-hub.com|
|SOA|@|Nombre del servidor principal: ns59.domaincontrol.com.|
|TXT|_acme-challenge.visyon-hub.com|nvFgUPei63AzslCCZY5RsFqYXXw1YEmxtIZFz|

Is it correct?

And the error is:

Started issuing a wildcard SSL/TLS certificate from Let's Encrypt for the domain visyon-hub.com.

Please wait while Plesk finishes adding a DNS record with the following parameters:
Record type: TXT
Domain name: _acme-challenge .visyon-hub.com
Record: R0olWlLEYTml59g--e3HMEvy-Of8Q3JhFBe-zz8NJjM

To terminate and delete the existing certificate request, click "Cancel".

Before clicking "Reload", make sure that the DNS record was added and can be resolved externally.

rg305 · August 31, 2020, 1:36pm

Not needed - remove.

rg305 · August 31, 2020, 1:37pm

inaccurate - remove them

rg305 · August 31, 2020, 1:39pm

outdated/expired - remove/replace with current TXT record

rg305 · August 31, 2020, 1:39pm

6sisyon · August 31, 2020, 1:50pm

I have removed and replace it, is this correct?

|A|@|54.225.75.68|
|A|*|54.225.75.68|
|A|ipv4.visyon-hub.com|54.225.75.68|
|A|mail.visyon-hub.com|54.225.75.68|
|A|webmail|54.225.75.68|
|A|webmail.visyon-hub.com|54.225.75.68|
|CNAME|www|@|
|CNAME|_domainconnect|_domainconnect.gd.domaincontrol.com|
|NS|@|ns59.domaincontrol.com|
|NS|@|ns60.domaincontrol.com|
|SOA|@|Nombre del servidor principal: ns59.domaincontrol.com.|
|TXT|_acme-challenge.visyon-hub.com|R0olWlLEYTml59g--e3HMEvy-Of8Q3JhFBe-zz8NJjM|

rg305 · August 31, 2020, 1:54pm

That may also now be outdated.
You need to run the cert request and it will show you a new TXT record.
pause there and add the record to your DNS
then confirm the record shows in both DNS servers (ns59 and ns60)
then continue the cert request

6sisyon · August 31, 2020, 2:17pm

I reissue the certificate, then verify and add the DNS registry in goddady:

Started issuing a wildcard SSL/TLS certificate from Let's Encrypt for the domain visyon-hub.com.

Please wait while Plesk finishes adding a DNS record with the following parameters:
Record type: TXT
Domain name: _acme-challenge .visyon-hub.com
Record: -RFxkwOjLq_arWeRoA91F9KvLRoBXlPzUQlGjy_H37U

To terminate and delete the existing certificate request, click "Cancel".

Before clicking "Reload", make sure that the DNS record was added and can be resolved externally.

DNS Goddady:
|A|@|54.225.75.68|
| --- | --- | --- | --- | --- |
|A|*|54.225.75.68|
|A|ipv4.visyon-hub.com|54.225.75.68|
|A|mail.visyon-hub.com|54.225.75.68|
|A|webmail|54.225.75.68|
|A|webmail.visyon-hub.com|54.225.75.68|
|CNAME|www|@|
|CNAME|_domainconnect|_domainconnect.gd.domaincontrol.com|
|NS|@|ns59.domaincontrol.com|
|NS|@|ns60.domaincontrol.com|
|SOA|@|Nombre del servidor principal: ns59.domaincontrol.com.|
|TXT|_acme-challenge.visyon-hub.com| -RFxkwOjLq_arWeRoA91F9KvLRoBXlPzUQlGjy_H37U**|
DNS Plesk:

mail.visyon-hub.com. A 54.225.75.68

webmail.visyon-hub.com. A 54.225.75.68

ns2.visyon-hub.com. A 54.225.75.68

ns1.visyon-hub.com. A 54.225.75.68

ipv4.visyon-hub.com. A 54.225.75.68

visyon-hub.com. A 54.225.75.68

ftp.visyon-hub.com. CNAME visyon-hub.com.

www.visyon-hub.com. CNAME visyon-hub.com.

visyon-hub.com. MX (10) mail.visyon-hub.com.

visyon-hub.com. NS ns2.visyon-hub.com.

visyon-hub.com. NS ns1.visyon-hub.com.

_domainkey.visyon-hub.com. TXT o=-

_dmarc.visyon-hub.com. TXT v=DMARC1; p=none

default._domainkey.visyon-hub.com. TXT v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEmPpzJDsJmQfggbHqGeers2HCa2IbJsgBfywnPwI6j8NP9XWFwv225/ikEVNgA+8/hoC90QBN5FJYlJ0ycbrqbQDvQmdm0Z3dz7DT88yxH5tAmfO+UCISrcIeZJbxyU/iI0txSFwyLzhVwkL5p+1puaEj7FmnYu4rNa2kpa6lwQIDAQAB;

visyon-hub.com. TXT v=spf1 +a +mx +a:plesk.visyonapps.com -all

_domainconnect.visyon-hub.com. TXT domainconnect.plesk.com/host/plesk.visyonapps.com/port/8443

_acme-challenge.visyon-hub.com. TXT -RFxkwOjLq_arWeRoA91F9KvLRoBXlPzUQlGjy_H37U

How i can confirm the record shows in both DNS servers (ns59 and ns60)?

screen

rg305 · August 31, 2020, 2:19pm

nslookup -q=txt _acme-challenge.visyon-hub.com ns59.domaincontrol.com
nslookup -q=txt _acme-challenge.visyon-hub.com ns60.domaincontrol.com

rg305 · August 31, 2020, 2:23pm

You are adding the entire FQDN to the domain:

nslookup -q=txt _acme-challenge.visyon-hub.com.visyon-hub.com ns59.domaincontrol.com
_acme-challenge.visyon-hub.com.visyon-hub.com   text =

        "-RFxkwOjLq_arWeRoA91F9KvLRoBXlPzUQlGjy_H37U"

DO NOT ADD TXT RECORD:
“_acme-challenge.visyon-hub.com”
ONLY ADD TXT RECORD:
“_acme-challenge”

6sisyon · August 31, 2020, 2:25pm

OK:

|A|@|54.225.75.68|
|A|*|54.225.75.68|
|A|ipv4.visyon-hub.com|54.225.75.68|
|A|mail.visyon-hub.com|54.225.75.68|
|A|webmail|54.225.75.68|
|A|webmail.visyon-hub.com|54.225.75.68|
|CNAME|www|@|
|CNAME|_domainconnect|_domainconnect.gd.domaincontrol.com|
|NS|@|ns59.domaincontrol.com|
|NS|@|ns60.domaincontrol.com|
|SOA|@|Nombre del servidor principal: ns59.domaincontrol.com.|
|TXT|_acme-challenge|-RFxkwOjLq_arWeRoA91F9KvLRoBXlPzUQlGjy_H37U|

rg305 · August 31, 2020, 2:26pm

now press reload

6sisyon · August 31, 2020, 2:33pm

It seems works:

How can i check everything it’s ok?

rg305 · August 31, 2020, 2:36pm

6sisyon · August 31, 2020, 2:46pm

It works perfect:

Thanks you very much for your help.

Best regards.

rg305 · August 31, 2020, 2:48pm

I accept beer4.work
Or
feel free to donate to LetsEncrypt

Either way,
Cheers from Miami

system · September 30, 2020, 2:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

mail.visyon-hub.com.	A	54.225.75.68
webmail.visyon-hub.com.	A	54.225.75.68
ns2.visyon-hub.com.	A	54.225.75.68
ns1.visyon-hub.com.	A	54.225.75.68
ipv4.visyon-hub.com.	A	54.225.75.68
visyon-hub.com.	A	54.225.75.68
ftp.visyon-hub.com.	CNAME	visyon-hub.com.
www.visyon-hub.com.	CNAME	visyon-hub.com.
visyon-hub.com.	MX (10)	mail.visyon-hub.com.
visyon-hub.com.	NS	ns2.visyon-hub.com.
visyon-hub.com.	NS	ns1.visyon-hub.com.
_domainkey.visyon-hub.com.	TXT	o=-
_dmarc.visyon-hub.com.	TXT	v=DMARC1; p=none
default._domainkey.visyon-hub.com.	TXT	v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEmPpzJDsJmQfggbHqGeers2HCa2IbJsgBfywnPwI6j8NP9XWFwv225/ikEVNgA+8/hoC90QBN5FJYlJ0ycbrqbQDvQmdm0Z3dz7DT88yxH5tAmfO+UCISrcIeZJbxyU/iI0txSFwyLzhVwkL5p+1puaEj7FmnYu4rNa2kpa6lwQIDAQAB;
visyon-hub.com.	TXT	v=spf1 +a +mx +a:plesk.visyonapps.com -all
_domainconnect.visyon-hub.com.	TXT	domainconnect.plesk.com/host/plesk.visyonapps.com/port/8443
_acme-challenge.visyon-hub.com.	TXT	-RFxkwOjLq_arWeRoA91F9KvLRoBXlPzUQlGjy_H37U