Plesk & SocialBee have teamed up. Save 30% now!

Get the Deal

Knowledge Base

Unable to issue a Let’s Encrypt certificate for a domain or its mail in Plesk: the DNS challenge used another IP address

 
applications extensionsdnsdomainsgooglehosted

Symptoms

Let's Encrypt fails to secure a domain or its webmail with a certificate at Domains > example.com > Let's Encrypt because of IP address mismatch:

  • over IPv4

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Your domain in Plesk is hosted on the IP address(es): 203.0.113.2, but the DNS challenge used another IP address: 203.0.113.10. Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.

  • over IPv6

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Your domain in Plesk is hosted on the IP address(es): 203.0.113.2 2001:db8:f61:a1ff:0:0:0:80, but the DNS challenge used another IP address: 2001:db8:f61:a1ff:0:0:0:90. Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same

Cause

DNS misconfiguration: The domain IP address configured in Plesk at Domains > example.com > Web Hosting Access differs from the IP address to which the domain/webmail/www-subdomain resolves globally. Use the nslookup utility (available on Linux and Windows) to find actual (global) IP address of the domain:

C:> nslookup example.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 10.55.253.101

Non-authoritative answer:
Name: example.com
Addresses: 2001:db8:f61:a1ff:0:0:0:90
203.0.113.10

It is not possible to secure a domain with "www" subdomain or webmail included, if "www" subdomain or webmail resolves to a different IP address.

Resolution

Apply one of the following solutions:

 

Solution I: Change the IP address in Plesk

    1. In Plesk, go to Domains > example.com > Web Hosting Access.

    2. Change an IP address for the A record to the global IP address.

    3. Go to Domains > example.com > DNS Settings and make sure global IP address is shown for the A record.

       

Solution II: Change the IP address on registrar side

Change the IP address for the A record on the registrar's side to the one which is specified in Plesk. Note that a DNS change can take up to 24-48 hours to propagate globally.

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2024 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit