Please help with a webmail securing issue: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/13563763639

SilentPhil · May 30, 2021, 12:25pm

Hello , sorry to ask this but I am at a complete loss as how to fix this up , everything is all good except I cannot secure webmail and to be honest I dont know alot of this technical stuff , I ran a check on check your website and here is the link if anyone could please help me

My domain is: thepatchyaffair.com.au

I ran this command: reissue certificate

It produced this output: Could not issue an SSL/TLS certificate for thepatchyaffair.com.au
Details

Could not issue a Let's Encrypt SSL/TLS certificate for thepatchyaffair.com.au . Authorization for the domain failed.

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/13563763639.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.thepatchyaffair.com.au - check that a DNS record exists for this domain

My web server is (include version):plesk

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:vultr

stevenzhu · May 30, 2021, 1:28pm

Hi,

Did you tried to check "Use wildcard" for your certificate when requesting it through Plesk instance? If so, then you MUST point your domain's DNS also to Plesk.

You can still get a certificate even if you don't, just choose to not get a wildcard certificate for that option.

P.S. If you are self-hosting your Plesk instance and uncertain whether it's stable enough (or robust enough) for NS servers, it might be a good idea to host your domain DNS elsewhere to ensure speed and reliability.

SilentPhil · May 30, 2021, 2:34pm

thankyou very much for your reply , Yes i believe this is all fixed up now and webmail is secured thankyou....

not sure if you could help with something like this though? I still have the problem of when using an email client to send normal emails (not transactional), google, microsoft etc cannot verify that its my domain sending the emails , what record controls this and where does it go? plesk or on nameserver? sorry this has nothing to do with lets encrypt

stevenzhu · May 30, 2021, 3:03pm

It's not part of Let's Encrypt, but fortunately I know something about.

It's SPF, DKIM and DMARC. (You might also need PTR on your IP).

You need to add all three record onto your nameservers ultimately. However, each of those need some setup.
For SPF, you'll need to add your sending server's IP to the record.
For DKIM, it's part of Plesk that you can generate and configure.
For DMARC, it's optional but also worth doing.

Read: DKIM, SPF, and DMARC Protection | Plesk Onyx documentation and DKIM, SPF, and DMARC Protection | Plesk Obsidian documentation

SilentPhil · May 30, 2021, 3:59pm

Oh wow mate excellent thank you very much for the information! , I will be going over this right now as im pretty sure ive broken it lmao. At the moment I still get lost between the difference of namecheap dns and my plesk dns options but thankyou again sir very good

system · June 29, 2021, 4:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.