Symptoms
Issuing a wildcard Let's Encrypt certificate in Plesk in Domains > example.com > SSL/TLS Certificates > Install fails:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/zEHPSbB4eUyIomzu9qynFouNGrIgiUlJZ755z_Kx4kY.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com
Cause
The TXT DNS record for the hostname _acme-challenge.example.com is not available globally:
# nslookup -type=TXT _acme-challenge.example.com
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find _acme-challenge.example.com: NXDOMAIN
Resolution
Start issuing a new wildcard Let's Encrypt certificate in Domains > example.com > SSL/TLS Certificates > Install - the following notification screen will appear:
Proceed in accordance with where the domain's DNS zone is hosted:
DNS zone of the domain is hosted on the Plesk server
Wait until the DNS propagation is completed and the required TXT record for the hostname _acme-challenge.example.com is available globally. The availability of this record can be checked on resources like https://dnschecker.org/.
Press the Reload button in the notification screen from step 2.
DNS zone of the domain is hosted on external DNS hosting
On the external DNS hosting, add the TXT record for the hostname _acme-challenge.example.com (or just for _acme-challenge on some DNS providers) using the value from the notification screen from step 2.
Wait until the DNS propagation is completed and the required TXT record for the hostname _acme-challenge.example.com is available globally. The availability of this record can be checked on resources like https://dnschecker.org/.
Press the Reload button in the notification screen from step 2.
