Symptoms
- Let's Encrypt certificate cannot be installed with one of the following errors:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/DEADBEEFMwVU3eZxfBU9-PRUcd51tflRLJD7CoBTxrQ.
Details:
Type: urn:acme:error:dns
Status: 400
Detail: DNS problem: SERVFAIL looking up A for example.com
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/0VWhDoTjEzzwPXNzPHd-zO73YAdXa8qgyac7eEiPQqY.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: unknownHost :: No valid IP addresses found for example.com
DNS problem: NXDOMAIN looking up A for example.com - check that a DNS record exists for this domain
- The website example.com may have been created recently.
- The domain name cannot be resolved against some of the global DNS resolvers:
# dig example.com @8.8.8.8 +short
#
- Unable to issue the certificate for example.com with the following error message found at /var/log/panel.log:
ERR [extension/sslit] Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/186606762567. Details: Type: urn:ietf:params:acme:error:dns Status: 400 Detail: no valid A records found for example.com; no valid AAAA records found for example.com
Cause
The DNS A record for the domain does not exist, or DNS propagation has not completed.
Resolution
Add an A DNS record for the domain:
If it is not clear which NS servers are managing DNS for the domain:
- Go to an online NS record checker (for instance this one: Online tool for NS server check);
- Check whether the NS servers are the same as those listed in Domains > example.com > DNS Settings. If they are, your DNS is managed by Plesk.
  If they do not match, or the option Domains > example.com > DNS Settings is absent, a third-party DNS server (i.e. a DNS provider) is used.
If DNS is managed in Plesk:
- Add a record (type A) for example.com in Plesk > Domains > example.com > DNS Settings > Add Record.
- Click OK.
If DNS is managed by a third-party DNS provider:
Contact the domain provider in order to add the appropriate A record.
Note: If the record has already been added but the error persists, it is necessary to wait for a while. DNS propagation may take up to 72 hours. Use this tool to check global DNS propagation: DNS Propagation Check.
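
To see from the command line whether the A record is visible yet, and which of the errors from the Symptoms section applies, the script below extends the `dig` check shown there to several public resolvers and classifies each answer. It is an added example, not part of the original article; the function names and the extra resolvers 1.1.1.1 and 9.9.9.9 are choices of this example.

```shell
#!/bin/sh
# Added example: classify the A-record lookup result per resolver.

# Read `dig +noall +comments +answer` output on stdin and print one of:
# OK, NO_A_RECORD, NO_RESPONSE, or the DNS status (NXDOMAIN, SERVFAIL, ...).
classify_dig() {
    awk '
        /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        $1 !~ /^;/ && $3 == "IN" && $4 == "A" { a++ }   # count A answers only
        END {
            if (status == "")            print "NO_RESPONSE"
            else if (status != "NOERROR") print status
            else if (a > 0)              print "OK"
            else                         print "NO_A_RECORD"
        }'
}

# Map a classification to the Let's Encrypt error text it corresponds to.
hint() {
    case $1 in
        OK)          echo "A record is visible" ;;
        NXDOMAIN)    echo "name not found (NXDOMAIN looking up A): add the A record" ;;
        SERVFAIL)    echo "resolver got no answer (SERVFAIL looking up A): check the NS servers" ;;
        NO_A_RECORD) echo "no A record in the answer (no valid A records found): add it" ;;
        *)           echo "no usable response from this resolver" ;;
    esac
}

# Query each resolver for the domain's A record and print one line per resolver.
check_domain() {
    domain=$1
    for resolver in 8.8.8.8 1.1.1.1 9.9.9.9; do
        result=$(dig "$domain" A "@$resolver" +noall +comments +answer \
                     +time=3 +tries=1 2>/dev/null | classify_dig)
        printf '%-8s %-12s %s\n' "$resolver" "$result" "$(hint "$result")"
    done
}

# Run only when a domain is passed on the command line.
if [ $# -gt 0 ]; then
    check_domain "$1"
fi
```

Run it as `sh check_a.sh example.com` (the file name is arbitrary). Resolvers that disagree with each other usually mean propagation is still in progress.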