Symptoms
-
Unable to issue/renew a Let's Encrypt certificate with the following error:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Your domain in Plesk is hosted on the IP address(es): 192.0.2.2, but the DNS challenge used another IP address: 203.0.113.4.
Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/5B8TL2C3swolx5XyBM871hgUwlQlx_JBAMfuOB3pqOQ.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://example.org/.well-known/acme-challenge/PQkwA_59YpHBN7kC2NcUHkaBX2Z8F1GI0QEnxnP81k8: "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -
Domain points to a global IP address:
# dig +short example.com
203.0.113.4 - In Tools & Settings > IP Addresses local IP address is set (
192.0.2.2)
Cause
external IP address of the domain is not mapped to an external one.
Resolution
- Log in to Plesk.
- Go to Tools & Settings > IP Addresses > 192.0.2.2.
- Specify 203.0.113.4 as the Public IP address and click OK.