Pre-requirements
- Administrator access to the Plesk control panel.
- Basic knowledge of DNS record management.
- Access to your domain's DNS settings, either through Plesk or an external DNS provider.
Introduction
When securing a domain, subdomain, or alias with Let's Encrypt in Plesk, you may encounter DNS-related errors such as NXDOMAIN or query timed out. These errors indicate issues with DNS records, preventing Let's Encrypt from verifying the domain. This guide provides solutions for correcting DNS settings and ensuring successful SSL certificate issuance.
Common Errors
While attempting to secure a domain or subdomain via Let's Encrypt in Plesk, you may encounter one of the following errors:
Detail: DNS problem: NXDOMAIN looking up A for alias.example.com
Detail: DNS problem: query timed out looking up A for alias.example.comYou may also see notifications like:
An issue occurred while securing the domain example.com:
The certificate has been issued. Some alternative domain names were excluded.
Domains that have not been secured are listed below. Please secure them manually:
- www.example.com
- webmail.example.com
- alias.example.comThese errors indicate that Let's Encrypt is unable to resolve the domain or subdomain (e.g., alias.example.com or www.example.com).
Cause: Missing or Incorrect DNS Records
The primary cause of these errors is missing or incorrect DNS records for the affected domains or subdomains. If the DNS records for these domains are not correctly configured, Let's Encrypt cannot verify the domain, resulting in the failure to issue certificates.
Possible Domains Affected
- Subdomains like www.example.com
- Alias domains like alias.example.com
- Services subdomains like webmail.example.com
Resolution: Correct DNS Settings
To resolve these issues, you need to ensure that the DNS records for the affected domain, subdomain, or alias are properly configured.
Solution 1: Add DNS Records in Plesk (Plesk as DNS Server)
- Log into your Plesk control panel.
- Navigate to Domains > example.com > DNS Settings.
- Click Add Record.
- Select the record type (e.g., A or CNAME), and fill in the required details for the subdomain or alias (e.g., alias.example.com).
- Click OK to save the DNS record.
- Click Update to apply the changes.
Once the DNS records are added, wait for DNS propagation, which may take up to 48 hours.
Solution 2: Add DNS Records with External DNS Provider
If your domain's DNS is hosted outside of Plesk (e.g., with a registrar like GoDaddy or Cloudflare), you'll need to create the necessary DNS records on the DNS provider's platform.
- Log into your DNS provider's management panel.
- Find the domain example.com and go to the DNS settings.
- Add the required records (e.g., A or CNAME records) for the affected subdomains or aliases (e.g., alias.example.com or www.example.com).
- Save the changes and allow time for DNS propagation.
For detailed instructions on adding DNS records with different providers, refer to the provider's documentation.
Alternative Solution: Secure Only the Main Domain
If securing the subdomains or aliases is not critical, you can choose to secure only the main domain (e.g., example.com) and exclude subdomains from the SSL certificate.
Steps to Secure Only the Main Domain
- Log into Plesk.
- Navigate to Domains > example.com > SSL/TLS Certificates.
- Scroll down and click Install.
- Ensure that only the Secure the domain name checkbox is selected (leave subdomains unchecked).
- Click Issue Certificate to secure only the main domain.
Verifying DNS Propagation
After updating DNS records, it's essential to verify that the changes have propagated globally. Use tools like dig or nslookup to check DNS records from your terminal.
