Webmail Not Secure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kennethrjones.com, webmail.kennethrjones.com

I ran this command: Reissue Certification (In Plesk), Assign access to wildcard, Assign to Mail Domain

It produced this output:

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613896558.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.kennethrjones.com - check that a DNS record exists for this domain

My web server is (include version): VPS ??

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): I don't know.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian 18.0.34

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ??

My domain appears to be secure, but when I go to webmail.kennethrjones.com to check my email it tells me the website is not secure. I have tried to reissue the certificate selecting the option to secure webmail several times. I added the TXT record to the DNS manually and waited 2 days. When I go back to my control panel I keep getting the error above.

1 Like

Hi @krjvps

You have created the wrong TXT entry, see https://check-your-website.server-daten.de/?q=kennethrjones.com#txt

Your menu adds your domain name, so now your domain name is duplicated.

Add only an entry with _acme-challenge.

But: Do you really need a wildcard? Isn't it possible to create a certificate via Plesk with your main domain, www and webmail subdomains? Should be possible and easier, you can use HTTP validation, no manual action required.

2 Likes
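The duplicated-name mistake described in the reply above, as an added example that is not part of the original posts. It assumes a zone editor that appends the zone name to any host field without a trailing dot; the function names are hypothetical.

```python
def normalize(name: str) -> str:
    return name.strip().rstrip(".").lower()

def challenge_name(identifier: str) -> str:
    """TXT record name the dns-01 challenge (RFC 8555) looks up for an identifier."""
    base = normalize(identifier)
    if base.startswith("*."):
        base = base[2:]  # a wildcard is validated at its base domain
    return "_acme-challenge." + base

def published_name(host_field: str, zone: str) -> str:
    """Name the zone editor really creates.
    ASSUMPTION: relative entries get the zone appended, "@" means the
    zone apex, and a trailing dot marks an already-complete name."""
    zone = normalize(zone)
    field = host_field.strip()
    if field in ("", "@"):
        return zone
    if field.endswith("."):
        return normalize(field)
    return normalize(field) + "." + zone

def host_field_for(fqdn: str, zone: str):
    """Relative value to type into the host field, or None if outside the zone."""
    fqdn, zone = normalize(fqdn), normalize(zone)
    if fqdn == zone:
        return "@"
    if fqdn.endswith("." + zone):
        return fqdn[: -len(zone) - 1]
    return None

def diagnose(host_field: str, zone: str, identifier: str) -> dict:
    expected = challenge_name(identifier)
    actual = published_name(host_field, zone)
    if actual == expected:
        verdict = "ok"
    elif actual == expected + "." + normalize(zone):
        verdict = "zone name duplicated"  # the NXDOMAIN case in this thread
    else:
        verdict = "wrong name"
    return {"expected": expected, "published": actual, "verdict": verdict,
            "enter_instead": host_field_for(expected, zone)}

if __name__ == "__main__":
    # Constructed inputs using the domain from this thread.
    for field in ("_acme-challenge.kennethrjones.com", "_acme-challenge"):
        print(field, "->", diagnose(field, "kennethrjones.com", "*.kennethrjones.com"))
```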

I'm not really sure if I need a wildcard. I don't have any experience with servers yet. I need to set up a VPS for my graduate program in computer science by the end of the week. My undergraduate degree focused on programming and hardware mainly. I thought the wildcard option would be easier, but I didn't really look up how it was working.

I'll create the TXT record again with the change and I will save that website so I can check it's working in a few hours.

If you recommend not using a wildcard, I will remove that option. I looked it up but really didn't know for sure what it was doing.

My classes on servers and PowerShell start next week, so I'm hoping to start to understand this better.

Thanks for the help. I'll reply back later to let you know if it's working.

1 Like

@JuergenAuer It actually appears that it's working already. Removing that wildcard seemed to instantly fix whatever issue there was. I will make sure I try to figure out what that option is actually doing. I don't understand how it changed things. I was clearly doing something wrong.

As a follow-up question: My domain seems to be working now, but it appears that my Plesk control panel is not secure. The address (https://50.62.81.98/smb/web/view) shows https in the address bar, but it is flagged as "Not Secure" in the browser. I'm not sure why that is happening.

Thanks for the help.

2 Likes

Let's Encrypt requires a different method of validation for wildcard certificates.

If you don't request any wildcard names, this method doesn't have to be used, so it may be easier to automate.

It matters to the browser what name you access the server by. Accessing it by its IP address doesn't match the certificate, because that "name" isn't listed in the certificate—see many previous threads on this forum about that:

https://community.letsencrypt.org/search?q=certificate%20match%20ip%20address

2 Likes

Thanks for the help.

1 Like

Different validation methods, that's all.

HTTP validation is much simpler, you don't need to add a TXT entry, it's only a file. Two subdomains -> a wildcard isn't required.

Happy to read you have fixed it :+1:
