My domain is:
I ran this command:
via Plesk extension reissued
It produced this output:
Domain validation failed for centerparcsvergelijk.nl: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/586968865.
Detail: CAA record for centerparcsvergelijk.nl prevents issuance
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The DNS records are;
centerparcsvergelijk.nl. CAA (issuewild) letsencrypt.org
centerparcsvergelijk.nl. CAA (issue) ;
centerparcsvergelijk.nl. CAA (iodef) mailto:[email]
I’m requesting a wildcard certificate.
Your CAA record only allows issuance of a wildcard certificate. It’s pretty common for wildcard certificate requests to also contain the non-wildcard apex. If Plesk is doing that, that’s your problem and you either need to update the record to allow non-wildcards or configure Plesk to stop doing that (no clue if that’s possible).
*Edit: If you click the link to the authorization in your post, you can see it failed on validating an http-01 challenge for the apex centerparcsvergelijk.nl domain.
In Plesk, I believe it now always uses DNS instead of HTTP validation. So I was also wondering why that HTTP part is still there.
It turns out that if you have a single domain certificate on a domain and want to change it to a wildcard certificate, you sometimes must have the issue CAA record set to ‘letsencrypt.org’.
In my case, I’m changing all domains from single domain certificates to wildcard certificates and in 2 out of 30 domains, the issue CAA record was needed.
Thank you for your reply. Forgot to thank you in my new post.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.