Could not issue an SSL/TLS certificate for webmapasia.com

huanvuduc · September 17, 2021, 3:10am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: webmapasia.com

CPU	DO-Premium-AMD (1 core(s))
Version	Plesk Obsidian v18.0.36_build1800210604.22 os_Ubuntu 20.04
OS	Ubuntu 20.04.3 LTS
Key number	PLSK.08260938.0000

I ran this command: SSL/TLS Certificate

It produced this output:
Could not issue an SSL/TLS certificate for webmapasia.com
Details

Could not issue a Let's Encrypt SSL/TLS certificate for webmapasia.com . Authorization for the domain failed.

Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/31710677740.

Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: No valid IP addresses found for webmapasia.com

rg305 · September 17, 2021, 4:10am

Hi @huanvuduc, welcome to the LE community forum

You need a functional HTTP site before you can secure it (via HTTP authentication).
The first thing on that list is having an IP address.
webmapasia.com does not resolve to an IP address.
You need to update the DNS zone to return the IP address of that DO server.
OR
Your current nameserver list might also need to be modified - if they aren't the ones where you are going to maintain your DNS zone.
The current authoritative list shows:

webmapasia.com  nameserver = ns-cloud-d1.googledomains.com
webmapasia.com  nameserver = ns-cloud-d2.googledomains.com
webmapasia.com  nameserver = ns-cloud-d3.googledomains.com
webmapasia.com  nameserver = ns-cloud-d4.googledomains.com

rg305 · September 17, 2021, 4:19am

When DO nameservers are queried, an IP address is returned:

Name:    webmapasia.com
Address: 159.203.111.207

And when a DO nameserver is asked: Who are the authoritative nameservers for your domain?
They only list DO nameservers:

nslookup -q=ns webmapasia.com ns1.digitalocean.com

webmapasia.com  nameserver = ns1.digitalocean.com
webmapasia.com  nameserver = ns2.digitalocean.com
webmapasia.com  nameserver = ns3.digitalocean.com

So it seems that you just need to update your nameservers at your domain registrar.

system · October 17, 2021, 4:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Continuing the discussion from DNS problem with SSL: Help	3	230	February 13, 2024
Could not issue an SSL/TLS certificate (Error: 403) Help	3	1137	November 26, 2020
Could not issue an SSL/TLS certificate (Status 429) Help	6	811	March 10, 2021
Problem getting new certificate with Plesk (solved) Help	5	471	June 22, 2023
Error: Could not issue a Let's Encrypt SSL/TLS certificate for foo.es. Authorization for the domain failed Help	2	2759	October 13, 2017

Could not issue an SSL/TLS certificate for webmapasia.com

Related topics