Unable to issue Let’s Encrypt certificate: Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address

Symptoms

• Unable to issue/renew a Let's Encrypt certificate with the following error:

  Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
  Your domain in Plesk is hosted on the IP address(es): 192.0.2.2, but the DNS challenge used another IP address: 203.0.113.4.
  Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.
  Details
  Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/5B8TL2C3swolx5XyBM871hgUwlQlx_JBAMfuOB3pqOQ.
  Details:
  Type: urn:acme:error:unauthorized
  Status: 403
  Detail: Invalid response from http://example.org/.well-known/acme-challenge/PQkwA_59YpHBN7kC2NcUHkaBX2Z8F1GI0QEnxnP81k8: "
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

• Domain points to a global IP address:

  # dig +short example.com
  203.0.113.4

• In Tools & Settings > IP Addresses local IP address is set (192.0.2.2)

Cause

external IP address of the domain is not mapped to an external one.

Resolution

1. Log in to Plesk.
2. Go to Tools & Settings > IP Addresses > 192.0.2.2.
3. Specify 203.0.113.4 as the Public IP address and click OK.