My domain is:
Deepdream.gallery
I ran this command:
Tried to do Let's Encrypt via Plesk and a DNS record.
It produced this output:
Could not issue an SSL/TLS certificate for Deepdream.gallery
Details
Could not issue a Let's Encrypt SSL/TLS certificate for Deepdream.gallery. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/201078150646 .
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.Deepdream.gallery - check that a DNS record exists for this domain
My web server is (include version):
The operating system my web server runs on is (include version): Ubuntu 20.04.5 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Could it be that the domain extension " .gallery " is a problem here?
I always have problems with dns validation and letsencrypt, it's just a pain to work with it, because I never know the reason for it failing.
No, the domain name seems fine. But, you are using the DNS Challenge and it needs to find a TXT record in your DNS for that domain.
The TXT record should be _acme-challenge.deepdream.gallery but there is no such record.
I don't know Plesk very well or how it handles DNS challenges. Does it do it automatically for you or do you have to create that TXT record manually?
You can look for the TXT record from this site which uses a similar method to Let's Encrypt
https://unboundtest.com
See result of a check I just did:
https://unboundtest.com/m/TXT/_acme-challenge.deepdream.gallery/SQXWRJJM
4 Likes
Yes, Plesk adds the DNS record by itself and I can see it there. I also waited overnight so it could propagate, but it still doesn't get recognized.
Can you show the screen you see it at? Because unboundtest does not see it, Let's Encrypt server did not, and I can't see it from my own test server.
Looking at your forum history it looks like you had a similar problem. Do you remember what resolved that?
4 Likes
Yes I can:
Yes, I had the same problem and the frustrating part is, I don't really know the solution anymore.
I think it just suddenly worked, but I'm not sure anymore.
OK. I don't know what this is but it is not controlling your DNS.
That screen shows a domain name of ftp.deepdream.gallery and one for ipv4... as well. But, neither of those exist in the public DNS.
Your name servers are for a ui-dns system. Do you know what that is? That's where these values need to be.
5 Likes
_az
February 5, 2023, 9:00pm
8
Can you show what the A record for ns1.deepdream.gallery is, in that file?
To me it looks like Plesk thinks it is using different nameservers to what your domain is actually using.
4 Likes
It is the option where all the DNS records are stored:
I don't really know what you mean by ui-dns systems.
Jojo_87
February 5, 2023, 9:08pm
10
Sure I can, should I hide the IP?
_az
February 5, 2023, 9:11pm
11
It looks like Plesk is writing the DNS _acme-challenge record to a local DNS zone file.
However, this zone file looks to be unrelated from the nameservers that your domain actually points to:
ns1036.ui-dns.de.
ns1090.ui-dns.org.
ns1036.ui-dns.biz.
ns1102.ui-dns.com.
Probably, you won't be able to use the DNS challenge, unless you can ask your host to configure Plesk to be connected to these nameservers somehow.
Try the HTTP challenge instead.
5 Likes
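The mismatch diagnosed in the post above, as an added example that is not part of the original thread: it parses a locally written zone file and checks whether its NS set overlaps the delegated nameservers quoted in the thread. The zone text, the `ns2` record, the 192.0.2.10 address and the token value are constructed assumptions, and NS overlap is a heuristic rather than proof of which server answers.

```python
DELEGATED_NS = [  # nameservers quoted in the thread for deepdream.gallery
    "ns1036.ui-dns.de.", "ns1090.ui-dns.org.",
    "ns1036.ui-dns.biz.", "ns1102.ui-dns.com.",
]

# Constructed stand-in for the zone file a panel writes locally (assumption).
LOCAL_ZONE = """\
$ORIGIN Deepdream.gallery.
@                IN NS   ns1
@                IN NS   ns2.deepdream.gallery.
ns1              IN A    192.0.2.10
_acme-challenge  IN TXT  "constructed-token-value"
"""

def fqdn(name, origin):
    """Lower-case a name (DNS is case-insensitive) and make it absolute."""
    origin = origin.lower().rstrip(".") + "."
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, [(owner, type, rdata)]); each line must name its owner."""
    origin, records = ".", []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # strip comments, tokenize
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        elif len(fields) >= 3:
            rest = fields[1:]
            while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
                rest = rest[1:]  # skip optional TTL and class
            if len(rest) >= 2:
                records.append((fqdn(fields[0], origin), rest[0].upper(), " ".join(rest[1:])))
    return origin, records

def check_challenge(zone_text, delegated_ns):
    """Can a public validator see this zone's _acme-challenge TXT? (NS-overlap heuristic)"""
    origin, records = parse_zone(zone_text)
    apex = fqdn("@", origin)
    local_ns = {fqdn(d, origin) for o, t, d in records if o == apex and t == "NS"}
    public_ns = {n.lower().rstrip(".") + "." for n in delegated_ns}
    has_txt = any(o == "_acme-challenge." + apex and t == "TXT" for o, t, _ in records)
    served = bool(local_ns & public_ns)
    return {"txt_in_local_zone": has_txt, "local_zone_is_delegated": served,
            "visible_to_validator": has_txt and served, "local_ns": sorted(local_ns)}

if __name__ == "__main__":
    print(check_challenge(LOCAL_ZONE, DELEGATED_NS))
```

With the constructed zone, the TXT record is present locally but the zone is not served by any delegated nameserver, which matches the NXDOMAIN the validator reported.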
Osiris
February 5, 2023, 9:13pm
12
The IP addresses of those nameservers seem to be owned by Ionos, which also seems to be the owner of the IP address of the website?
5 Likes
Jojo_87
February 5, 2023, 9:14pm
13
Right, IONOS is my provider where I bought the Domain rights.
Osiris
February 5, 2023, 9:18pm
14
But I agree with @_az in that the settings you're entering in your cPanel thingy aren't corresponding with the actual DNS records of your domain. E.g., when you look at the MX records:
Deepdream.gallery. 3600 IN MX 10 mx00.ionos.de.
Deepdream.gallery. 3600 IN MX 10 mx01.ionos.de.
;; Received 96 bytes from 217.160.80.36#53(ns1036.ui-dns.de) in 21 ms
And not the mail.Deepdream.gallery. you've set up apparently.
You might want to ask your hosting provider about this.
Also, I'm not sure it's wise to point your NS and MX records to your own domain name by the way, you might want to rethink that and keep it pointed to the Ionos servers as it is now. If you change it, it might break a lot. Or not, I can't say that, only you can know at this stage.
6 Likes
rg305
February 5, 2023, 9:36pm
15
Did you change the nameservers when you bought domain hosting [elsewhere]?
4 Likes
Jojo_87
February 5, 2023, 9:39pm
16
No, I didn't.
The strange thing is, I have 2 other domains running the same settings and it's working, I've no clue what's different with them.
One is ipanda.help
rg305
February 5, 2023, 9:42pm
17
Please show:
nslookup -q=ns ipanda.help
nslookup -q=ns deepdream.gallery
4 Likes
Jojo_87
February 5, 2023, 9:58pm
18
First of all, I want to thank everyone who is investing time in my issue.
Here are the results running your prompts:
2 Likes
MikeMcQ
February 5, 2023, 10:12pm
19
Thinking about the Plesk config you showed back in post #6.
If you look at the Plesk config for ipanda does it list the 4 name servers shown in the nslookup command you just did for it? If not, what does it show?
4 Likes
Jojo_87
February 5, 2023, 10:35pm
20
That's how it looks in Plesk:
and this is the result of ipanda.help and deepdream.gallery using PuTTY: