DNS Problem using Plesk - Status 400

Jojo_87 · October 22, 2021, 11:46am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

ipanda.help

I ran this command:

I used Plesk own - Let´s Encrypt Button

It produced this output:

Could not issue an SSL/TLS certificate for ipanda.help
Details

Could not issue a Let's Encrypt SSL/TLS certificate for ipanda.help . Authorization for the domain failed.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/42108100931.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ipanda.help - check that a DNS record exists for this domain

My web server is (include version):

Plesk Obsidian
Version 18.0.39

The operating system my web server runs on is (include version):

Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is:

IONOS

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Jojo_87 · October 22, 2021, 11:48am

The DNS records is there.

I found this page on plesk support, where it states I should install the latest version, but my plesk version is the the last one.

MikeMcQ · October 22, 2021, 2:47pm

@Jojo_87 First off, I do not know Plesk very much. Perhaps these general comments will help anyway.

The message you are getting is for a missing TXT record in your DNS zone records. A TXT record is needed when doing a DNS challenge typically for a wildcard cert. See your DNS zone here:
https://toolbox.googleapps.com/apps/dig/#TXT/
I do not know how Plesk works with your DNS to add or remove these.

Do you have to issue a wildcard cert? If not, the HTTP challenge would work through your existing server on port 80. Links for these options were shown in the comments of the plesk support thread you posted so I will not repeat them.

For specific Plesk help you will have to wait for someone else

Jojo_87 · October 22, 2021, 3:21pm

@MikeMcQ Thank you for your response.

Yes, I have to issue a wildcard certification.

Plesk generates the required DNS automatically.

I waited 3 days to propagate, but it still doesn´t show up.

Port 80 is also not blocked.

I´m stuck on this. Fun thing, I have other domains where it worked just fine.

sahsanu · October 22, 2021, 3:49pm

Hi @Jojo_87,

Those other domains are also using ui-dns DNS servers? I mean, ipanda.help is using these DNS servers:

$ dig ipanda.help ns +short                                                                                                                                       
ns1061.ui-dns.biz.
ns1067.ui-dns.com.
ns1077.ui-dns.org.
ns1035.ui-dns.de.

Are you sure Plesk is updating those servers? Because I can't get the txt record for _acme-challenge too.

$ dig _acme-challenge.ipanda.help txt

; <<>> DiG 9.16.1-Ubuntu <<>> _acme-challenge.ipanda.help txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9580
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.ipanda.help.   IN      TXT

;; AUTHORITY SECTION:
ipanda.help.            600     IN      SOA     ns1067.ui-dns.com. hostmaster.1und1.com. 2017060111 28800 7200 604800 600

;; Query time: 79 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: vie oct 22 17:48:21 CEST 2021
;; MSG SIZE  rcvd: 126

Double check it.

Cheers,
sahsanu

MikeMcQ · October 22, 2021, 3:51pm

@Jojo_87 I also think you might have a nameserver problem. Plesk does not seem to be updating the ones you are using (it looks to need the ones in Ionos)

In fact, I was just going to post the details that @sahsanu did

I found this post at the Plesk forums from a Plesk guru. This may help resolve your problem:

system · November 21, 2021, 3:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.