Plesk & SocialBee have teamed up. Save 30% now!

Get the Deal

Knowledge Base

Issuing a Let’s Encrypt SSL certificate failed: the domain’s nameservers may be malfunctioning

 
2022cloudflaredigicertdnsdns statistics

Symptoms

  • Issuing or reissuing a Let's Encrypt SSL certificate for a Plesk domain fails with errors that are similar to the following:

    [2022-05-14 01:52:46.070] 30041:627efd312fc37 ERR [extension/letsencrypt] Domain validation failed for www.example.com: Invalid response from https://ac
    me-v02.api.letsencrypt.org/acme/authz-v3/108318164646.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: 203.0.113.2: Fetching https://www.example.com/.well-known/acme-challenge/Lcri7ymOYda_DwacaWDVnukyUT49GXVvWMIZuPe-8Xk: DNS problem: SERVFAIL looking up A for www.example.com - the domain's nameservers may be malfunctioning; no valid AAAA records found for www.example.com
    [2022-05-14 01:52:58.866] 30041:627efd312fc37 ERR [extension/letsencrypt] Domain validation failed for example.com: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/108318236806.

Cause

Temporary issues with DNS resolution caused by network connectivity troubles on the side of the server provider. If external nameservers are used and the primary DNS zone for the domain is external, connectivity issues to them are a likely cause for the issue.

Alternatively, all DNS records have been removed from the DNS zone of the domain on the side of its primary DNS zone (regardless of whether it resides on the side of the plesk server or not).

Resolution

For the first scenario, you should wait for the network connectivity troubles to be resolved on the side of the server provider and make sure the domain is properly resolvable and attempt to reissue the certificate.

If the primary DNS zone for the domain resides on the side of Plesk and the DNS records for this domain have been removed entirely and you see no records while going to Plesk > Domains > Hosting & DNS > DNS, the recommendation is to reset the DNS zone by following these steps:

1. Log into Plesk

2. Go to Domains > Hosting & DNS > DNS

3. Press the Reset to Default button

4. Confirm the IP address details on the next screen and press OK

This action will recreate the necessary A and AAA DNS records

Additional information

How to check propagation of DNS records for a Plesk domain?

What is DNS? | How DNS works | Cloudflare

Adding and Modifying DNS Records | Managing DNS Records | Plesk Obsidian documentation

What is DNS propagation? | DigiCert FAQ

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2024 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit