Unable to install Let’s Encrypt certificate for a domain and alias: Error: Your domain in Plesk is hosted on the IP address(es) but the DNS challenge used another IP address

Symptoms

• Unable to secure a domain and its aliases using Let's Encrypt. The following error message appears in Plesk:

  Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
  Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address: 203.0.113.2.
  Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.

• The following entries are found in /usr/local/psa/admin/logs/panel.log when Plesk debug mode is enabled:

  WARN [extension/letsencrypt] Cannot get IP addresses for domain 'example2.com': Can not find domain by name 'example2.com'.
  DEBUG [extension/letsencrypt] pm_Exception: Can not find domain by name 'example2.com'

• Domain alias is resolving to another server. This can be checked using the "nslookup" utility:

  # nslookup example.com 8.8.8.8
  Server: 8.8.8.8
  Address: 8.8.8.8#53

  Non-authoritative answer:
  Name: example.com
  Address: 203.0.113.2

  # nslookup example2.com 8.8.8.8
  Server: 8.8.8.8
  Address: 8.8.8.8#53

  Non-authoritative answer:
  Name: example2.com
  Address: 203.0.113.3

Cause

Aliases are resolving to a different server.

Resolution

Point DNS records of aliases to the Plesk server on a registrar side, wait for DNS propagation to be completed and secure the domain and alias;

OR

1. Log into Plesk

2. Go to Domains > example.com > SSL/TLS Certificates > Install

3. Uncheck the alias example2.com in the Available Domain Aliases list:

   

4. Click Get it free.

Additionally, it is possible to enable Synchronize DNS zone with the primary domain option at Domains > example2.com to keep the DNS records synchronized between the domain and its alias.