Webmail Not Secure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kennethrjones.com, webmail.kennethrjones.com

I ran this command: Reissue Certification (In Plesk), Assign access to wildcard, Assign to Mail Domain

It produced this output:

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613896558.
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.kennethrjones.com - check that a DNS record exists for this domain

My web server is (include version): VPS ??

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): I don't know.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian 18.0.34

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ??

My domain appears to be secure, but when I go to webmail.kennethrjones.com to check my email it tells me the website is not secure. I have tried to reissue the certificate selecting the option to secure webmail several times. I added the TXT record to the DNS manually and waited 2 days. When I go back to my control panel I keep getting the error above.

1 Like

Hi @krjvps

you have created the wrong TXT entry, see https://check-your-website.server-daten.de/?q=kennethrjones.com#txt

Your menu adds your domain name, so now your domain name is duplicated.

Add only an entry with _acme-challenge.

But: Do you really need a wildcard? Isn't it possible to create a certificate via Plesk with your main domain, www and webmail subdomains? Should be possible and easier, you can use http validation, no manual action required.


I'm not really sure if I need a wildcard. I don't have any experience with servers yet. I need to setup a VPS for my graduate program in computer science by the end of the week. My undergraduate degree focused on programming and hardware mainly. I thought the wildcard option would be easier, but I didn't really look up how it was working.

I'll create the TXT record again with the change and I will save that website so I can check it's working in a few hours.

If you recommend not using a wildcard, I will remove that option. I looked it up but really didn't know for sure what it was doing.

My classes on servers and power shell start next week, so I'm hoping to start to understand this better.

Thanks for the help. I'll reply back later to let you know if it's working.

1 Like

@JuergenAuer It actually appears that it's working already. Removing that wildcard seemed to instantly fix whatever issue there was. I will make sure I try to figure out what that option is actually doing. I don't understand how it changed things. I was clearly doing something wrong.

As a follow-up question: My domain seems to be working now, but it appears that my Plesk control panel is not secure ( shows in the address bar (https) but it is flagged as "Not Secure" in the browser. I'm not sure why that is happening?

Thanks for the help.


Let's Encrypt requires a different method of validation for wildcard certificates.

If you don't request any wildcard names, this method doesn't have to be used, so it may be easier to automate.

It matters to the browser what name you access the server by. Accessing it by its IP address doesn't match the certificate, because that "name" isn't listed in the certificate—see many previous threads on this forum about that



Thanks for the help.

1 Like

Different validation methods, that's all.

http validation is much simpler, you don't need to add a TXT entry, it's only a file. Two subdomains -> a wildcard isn't required.

Happy to read you have fixed it :+1:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.