Symptoms
Unable to issue a Let's Encrypt certificate for a domain in Plesk, the process fails with the following error message:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com
The example.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to example.com ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the example.com DNS zone.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/qxK-vAPtGYg3YOSEcgZNB7HBd-unn4oX3GLtZWSxVPA.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Cause
Domain resolves to an IPv6 address but the domain is not assigned or does not have an IPv6 in Plesk:
# dig @8.8.8.8 +short -t AAAA example.com
2001:db8:f61:a1ff:0:0:0:80
Resolution
Click on a section to expand
Solution 1. Remove AAAA record from the domain/Plesk DNS zone
- Log in to Plesk
- Go to Domains > example.com > DNS Settings and remove AAAA record
Solution 2. Assign IPv6 address for domain
- Log in to Plesk
- Go to Domains > example.com > Web Hosting Access and assign an IPv6 to the domain.
Note: IPv6 address should exist on network interface and in Tools & Settings > IP Addresses
with