Unable to issue Let’s Encrypt certificate: Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address

Symptoms

• Unable to issue/renew a Let’s Encrypt certificate:

  PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com.
  Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address: 203.0.113.3.
  Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.
  Details
  Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/5B8TL2C3swolx5XyBM871hgUwlQlx_JBAMfuOB3pqOQ.
  Details:
  Type: urn:acme:error:unauthorized
  Status: 403
  Detail: Invalid response from http://example.org/.well-known/acme-challenge/PQkwA_59YpHBN7kC2NcUHkaBX2Z8F1GI0QEnxnP81k8: ”
  <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>

• Domain points to another IP address globally:

  # dig +short example.com
  203.0.113.4

• In Tools & Settings > IP Addresses a different IP address is set (203.0.113.3)

Cause

Internal IP address of the domain is not mapped to an external one.

Resolution

1. Log in to Plesk.
2. Go to Tools & Settings > IP Addresses > 203.0.113.3.
3. Specify 203.0.113.4 as the Public IP address and click OK.