Renewal of an expired certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.df2jp.de

I ran this command: ?

It produced this output: ?

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: onyx hosting

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello,

I have been "struggling" since January with an expired certificate for my website www.df2jp.de
I have tried several times to renew the certificate via Plesk, without success.

What can I do?

There are many things that can prevent you getting your certificate but usually there is an error message somewhere that provides a clue as to what could be going wrong.

The first most obvious thing I can see to start with is that your DNS sometimes fails to answer CAA - a CAA record tells the certificate authority if it's allowed to issue certificates or not, and if you don't have one that means any CA can be used to issue certificates for your domain, but a response of SERVFAIL means your DNS server either didn't understand the question or fell over trying to provide the answer.

However, when I check your DNS it seems to be working OK:
https://dnsviz.net/d/www.df2jp.de/dnssec/

Is there any possibility that your DNS nameservers are only responding to queries from certain countries?

5 Likes
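The distinction drawn in the reply above (no CAA record versus a SERVFAIL answer), as an added example that is not part of the original thread or any CA's code. It walks the name up toward the root as RFC 8659 describes; the `lookup` interface, the fail-closed handling of lookup errors and all sample answers are assumptions constructed for illustration.

```python
"""CAA outcomes: empty answer vs. SERVFAIL vs. restricting record (RFC 8659 tree climbing)."""

def caa_decision(fqdn, ca_domain, lookup):
    """Decide whether ca_domain may issue for a non-wildcard fqdn.

    lookup(name) is a caller-supplied resolver (hypothetical interface) returning
    (rcode, records), where records is a list of (flags, tag, value) tuples.
    Returns (decision, name) with decision in {"allow", "deny", "lookup-failed"}.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rcode, records = lookup(name)
        if rcode not in ("NOERROR", "NXDOMAIN"):
            # SERVFAIL, timeout, REFUSED: not the same as "no CAA record".
            # Assumption of this sketch: the CA fails closed.
            return ("lookup-failed", name)
        if not records:
            continue  # nothing published at this name, climb to the parent
        # The first non-empty RRset is the relevant one; climbing stops here.
        if any(flags & 128 and tag not in ("issue", "issuewild", "iodef")
               for flags, tag, _ in records):
            return ("deny", name)  # critical property this sketch does not understand
        issuers = [value.split(";")[0].strip().lower()
                   for _, tag, value in records if tag == "issue"]
        if not issuers or ca_domain.lower() in issuers:
            return ("allow", name)  # no issue tags means no restriction
        return ("deny", name)
    return ("allow", None)  # no CAA anywhere up the tree: any CA may issue


def make_lookup(zone):
    """Resolver stub over constructed answers; unlisted names return an empty NOERROR."""
    return lambda name: zone.get(name, ("NOERROR", []))


# Constructed answers for illustration only, not real DNS data.
NO_CAA = make_lookup({})
FLAKY = make_lookup({"example.com": ("SERVFAIL", [])})
PINNED = make_lookup({"example.com": ("NOERROR",
                     [(0, "issue", "letsencrypt.org; validationmethods=dns-01")])})
FORBID = make_lookup({"example.com": ("NOERROR", [(0, "issue", ";")])})

if __name__ == "__main__":
    for label, lk in [("no CAA", NO_CAA), ("SERVFAIL", FLAKY),
                      ("pinned", PINNED), ("forbid", FORBID)]:
        print(label, caa_decision("www.example.com", "letsencrypt.org", lk))
```

An intermittent SERVFAIL on the parent zone shows up here as `lookup-failed` even though the zone publishes no CAA record at all, which is why a domain with no CAA policy can still fail issuance.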

Looks better now...

5 Likes

not really

1 Like

You would need access to your DNS provider's API, if they offer it, then
create a TXT record in your DNS (as the error states) for it to work,
e.g.:

_acme-challenge.df2jp.de  	TXT 	@ 

Please read the documentation here:

3 Likes

Have you tried talking with your hosting company support?

They probably provided that Plesk setup and can help sort out problems. It's usually part of what you pay for with a complete hosting service.

4 Likes

@df2jp FYI - their forum is here https://talk.plesk.com/

2 Likes

@df2jp This error states that the software you are using to get your certificate is trying to use DNS domain validation, which involves updating a TXT record in your domain's DNS settings. Usually that requires that your DNS hosting provider uses a supported API for automation and requires saved API credentials (which may expire or change).

Did you choose to use DNS validation on purpose? HTTP validation would be the normal default but some people have to use DNS validation either because they want a wildcard certificate or they can't/won't allow HTTP (tcp port 80).

[Does Plesk also think it's hosting your DNS for your domain? If so, that would explain choosing DNS validation; your DNS is hosted with dns1.de, which appears to be a company called Key Systems.]

4 Likes
