Failed SSL/TLS Certificat via DNS

My domain is:

I ran this command:

Tried to do letsencrypt via plesk and dns. Record.

It produced this output:

Could not issue an SSL/TLS certificate for
Could not issue a Let's Encrypt SSL/TLS certificate for Authorization for the domain failed.

Invalid response from


Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04.5 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Could it be that the domain extension " .gallery " is a problem here?

I always have problems with dns validation and letsencrypt, it's just a pain to work with it, because I never know the reason for it failing.

No, the domain name seems fine. But, you are using the DNS Challenge and it needs to find a TXT record in your DNS for that domain.

The TXT record should be but there is no such record

I don't know Plesk very well or how it handles DNS challenges. Does it do it automatically for you or do you have to create that TXT record manually?

You can look for the TXT record from this site which uses a similar method to Let's Encrypt
See result of a check I just did:


Yes Plesk adds the dns record by itself and I can see it there, I also waited over night so it can propagate, but still it doesn't gets recognized.

Can you show the screen you see it at? Because unboundtest does not see it, Let's Encrypt server did not, and I can't see it from my own test server.

Looking at your forum history it looks like you had a similar problem. Do you remember what resolved that?


Yes I can :

Yes, I had the same problem and the frustrating part is, I don't really know the solution anymore.
I think It just suddenly worked, but I'm not sure anymore.

OK. I don't know what this is but it is not controlling your DNS.

That screen shows a domain name of and one for ipv4... as well. But, neither of those exist in the public DNS.

Your name servers are for a ui-dns system. Do you know what that is? That's where these values need to be


Can you show what the A record for is, in that file?

To me it looks like Plesk thinks it is using different nameservers to what your domain is actually using.


It is the option where all the DNS records are stored:

I don't really know what you mean with UI -dns systems.

Sure I can, should I hide the IP?

It looks like Plesk is writing the DNS _acme-challenge record to a local DNS zone file.

However, this zone file looks to be unrelated from the nameservers that your domain actually points to:

Probably, you won't be able to use the DNS challenge, unless you can ask your host to configure Plesk to be connected to these nameservers somehow.

Try the HTTP challenge instead.


The IP addresses of those nameservers seem to be owned by Ionos, which also seems to be the owner of the IP address of the website?


Right, IONOS is my provider where I bought the Domain rights.

But I agree with @_az in that the settings you're entering in your cPanel thingy aren't corresponding with the actual DNS records of your domain. E.g., when you look at the MX records:	3600	IN	MX	10	3600	IN	MX	10
;; Received 96 bytes from in 21 ms

And not the you've setup apparently.

You might want to ask your hosting provider about this.

Also, I'm not sure it's wise to point your NS and MX records to your own domain name by the way, you might want to rethink that and keep it pointed to the Ionos servers as it is now. If you change it, it might break a lot. Or not, I can't say that, only you can know at this stage.


Did you change the nameservers when you bought domain hosting [elsewhere]?


No, I didn't.

The strange thing is, I have 2 other domains running the same settings and it's working, I've no clue what it's different with them.

One is

Please show;
nslookup -q=ns
nslookup -q=ns


First of all, I want to thank everyone who is investing time in my issue.

Here are the results running your prompts:



Thinking about the Plesk config you showed back in post #6.

If you look at the Plesk config for ipanda does it list the 4 name servers shown in the nslookup command you just did for it? If not, what does it show?


Thats how it looks like in plesk:

and this is the result of and using PuTTY: