Unable to issue a Let’s Encrypt certificate for a domain in Plesk when Digital Ocean DNS extension is used: During secondary validation: Incorrect TXT record

Symptoms

• When issuing a wildcard SSL certificate from Let's Encrypt, the operation fails with the error message:

  Domain validation failed: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/10877220745.
  Details:
  Type: urn:ietf:params:acme:error:unauthorized
  Status: 403
  Detail: During secondary validation: Incorrect TXT record "jAaVbSLm9IFo8Y7H4oTMEa5rMZlOAQ2hHHWKICTNhI4" found at _acme-challenge.example.com

• DigitalOcean DNS extension is installed on the server.

• The same TXT record that is provided in Plesk is propagated worldwide:

  # dig txt +short _acme-challenge.example.com
  "UwfPLPECXBW5xnLhROCaMj0enVfPvphesmREP5o5WNg"

Cause

The default interval set for the SSL It! extension is not enough for validation. By default, it is 1 hour.

Resolution

1. Log in to Plesk.

2. Install the Panel.ini Editor extension for Plesk.

3. Go to Extensions > My Extensions > Panel.ini Editor > Open and switch to the Editor tab.

4. Add the following lines:

   [ext-sslit]
   dns-challenge-confirmation-interval = 3 hour

5. Save the changes.

   Note: In case the issue still persists after that, increase the value, for example, to '5 hour' or '1 day'.