Could not issue an SSL/TLS certificate for

Hello, I get this error below when I try to install Let's Encrypt SSL Certificate through Plesk.

Could not issue an SSL/TLS certificate for rintojenterveys.fi
Details

Could not issue a Let's Encrypt SSL/TLS certificate for rintojenterveys.fi . Authorization for the domain failed.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/12619322631.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.rintojenterveys.fi - check that a DNS record exists for this domain

The DNS record does exist on the server. here is a screenshot Screenshot by Lightshot

Should I create the TXT record on my domain registrar as well? or what should I do? please help! thanks.

2 Likes

You should create it on whatever is the authoritative DNS host for your domain. As of now, it isn't there:

 dan@Dan-MacBook-Pro-2013  ~  dig ns rintojenterveys.fi 

; <<>> DiG 9.10.6 <<>> ns rintojenterveys.fi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5576
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rintojenterveys.fi.		IN	NS

;; ANSWER SECTION:
rintojenterveys.fi.	86400	IN	NS	ns2.domainhotelli.fi.
rintojenterveys.fi.	86400	IN	NS	ns1.domainhotelli.fi.

;; Query time: 479 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Apr 25 17:34:47 EDT 2021
;; MSG SIZE  rcvd: 97

 dan@Dan-MacBook-Pro-2013  ~  dig @ns1.domainhotelli.fi TXT _acme-challenge.rintojenterveys.fi

; <<>> DiG 9.10.6 <<>> @ns1.domainhotelli.fi TXT _acme-challenge.rintojenterveys.fi
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33590
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.rintojenterveys.fi. IN	TXT

;; AUTHORITY SECTION:
rintojenterveys.fi.	86400	IN	SOA	ns1.domainhotelli.fi. info.domainhotelli.fi. 2021042514 3600 7200 1209600 86400

;; Query time: 150 msec
;; SERVER: 31.217.196.245#53(31.217.196.245)
;; WHEN: Sun Apr 25 17:35:23 EDT 2021
;; MSG SIZE  rcvd: 122
2 Likes

Sorry, I am not much of a technical person, What is an authoritative DNS? What should I do exactly?

I basically have my domain registered with domainhotelli.fi
and my server from hetzner.com

I am using domainhotelli.fi default nameservers and have created an A record over IPV4 pointed to my server IP address and AAAA over IPv6.

I just mentioned those details above in case they would be of any help to figure things out.

2 Likes

Welcome to the Let's Encrypt Community, Bassam :slightly_smiling_face:

You would need to create the TXT record in your DNS at domainhotelli.fi. There should be some type of settings in your account there to do so.

This might help you better understand the dns-01 challenge you are trying to complete:

2 Likes

yeah that fixed it. it worked now. Thanks alot.

3 Likes

You're quite welcome. :slightly_smiling_face:

If you run into anything else, just let us know.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.