Symptoms
Unable to issue a Let's Encrypt certificate for a domain in Plesk. The process fails with the following error message:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com
The example.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to example.com ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the example.com DNS zone.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/qxK-vAPtGYg3YOSEcgZNB7HBd-unn4oX3GLtZWSxVPA.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Cause
The domain resolves to an IPv6 address, but the domain is not assigned an IPv6 address or does not have one in Plesk:
# dig @8.8.8.8 +short -t AAAA example.com
2001:db8:f61:a1ff:0:0:0:80
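A pre-check for this condition, as an added example (not Plesk's own code): it takes the text printed by the dig command above and the IPv6 addresses assigned to the domain, and reports any published AAAA address the domain does not have. The function names are hypothetical, and the assigned addresses are assumed to be passed in by hand from Web Hosting Access.

```python
import ipaddress

def parse_aaaa(dig_short_output):
    """Return the IPv6 addresses found in `dig +short -t AAAA` output."""
    found = set()
    for line in dig_short_output.splitlines():
        token = line.strip()
        if not token or token.startswith(";"):
            continue  # blank line or dig comment
        try:
            found.add(ipaddress.IPv6Address(token))
        except ValueError:
            continue  # e.g. a CNAME target such as "web.example.net."
    return found

def check_domain(dig_short_output, assigned_ipv6):
    """Compare published AAAA records with the domain's assigned IPv6 addresses.

    Returns (status, unassigned): status is "ok" or "aaaa_not_assigned";
    unassigned lists the published addresses, in compressed form, that
    the domain does not have.
    """
    published = parse_aaaa(dig_short_output)
    assigned = {ipaddress.IPv6Address(a) for a in assigned_ipv6}
    unassigned = sorted(published - assigned)
    status = "aaaa_not_assigned" if unassigned else "ok"
    return status, [str(a) for a in unassigned]

# Constructed sample: the dig answer shown on this page, in uncompressed form.
SAMPLE_DIG = "2001:db8:f61:a1ff:0:0:0:80\n"

if __name__ == "__main__":
    # Domain with no IPv6 address assigned: the condition described under Cause.
    print(check_domain(SAMPLE_DIG, []))
    # Same address written in compressed form: a plain string compare would
    # report a mismatch, the parsed comparison does not.
    print(check_domain(SAMPLE_DIG, ["2001:db8:f61:a1ff::80"]))
```

A status of "aaaa_not_assigned" means one of the two solutions under Resolution applies.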
Resolution
If your server/domain does not support/have IPv6:
Solution 1. Remove the AAAA record from the domain/Plesk DNS zone
- Log in to Plesk.
- Go to Domains > example.com > DNS Settings and remove the AAAA record.
Note: If DNS is not managed by Plesk, remove the AAAA record on the external DNS server or registrar side.
If your server/domain resolves to an IPv6 address but it is not configured in Plesk:
Solution 2. Assign an IPv6 address to the domain
- Go to Domains > example.com > Web Hosting Access and assign an IPv6 address to the domain.
Note: The IPv6 address should exist on the network interface and in Tools & Settings > IP Addresses.
Note: If you use Cloudflare for DNS management and encounter this issue, refer to the following article:
Let’s Encrypt for domain that uses Cloudflare fails: DNS zone contains an AAAA record but the domain is not assigned an IPv6 address in Plesk