Lets encrypt issues on Panel. Plesk states its a CF DNS propagation issue

Trying to install lets encrypt ssls on certain domains via a plesk server using cloudflares DNS / proxy.

Lets encrypt cant install the cert:

Could not issue an SSL/TLS certificate for elevatedlandscapesinc com
Details

Could not issue a Let’s Encrypt SSL/TLS certificate for elevatedlandscapesinc com. Authorization for the domain failed.

Details

Invalid response from acme-v02.api.letsencrypt.org/acme/authz-v3/318683360527.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: looking up A for elevatedlandscapesinc.com: DNSSEC: DNSKEY Missing; DNS problem: looking up AAAA for elevatedlandscapesinc.com: DNSSEC: DNSKEY Missing

Talking to plesks support team they state this is a cloudflare DNS propagation issue utilizing this tool: https://www.whatsmydns.net/#A/elevatedlandscapesinc.com

I do not believe this issue is on cloudflare but I am lost and deleted the domain then re added it to CF and still the same results.

First, if you deleted the domain from Cloudflare and added it back, check at the bottom of your DNS page for the 2 Cloudflare nameservers as they may have changed and need to be updated at your registrar.
https://dash.cloudflare.com/?to=/:account/:zone/dns

Then, your certificate issuance problem is, as the message you showed gives, due to a DNSSEC issue as here…
https://cf.sjr.org.uk/tools/check?96b584bc98d64832b1464868d16a81f1#dns

You need to either disable DNSSEC at your registrar, or enable it at Cloudflare and copy the DS records to your registrar from your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

1 Like

appreciate the reply.

Obviously I mentioned I re added to cloudflare to troubleshoot the issue. I am aware the nameservers change that’s not our issue.

On the other hand you do seem to be right about the disabling of DNSSEC at our register.

It is frustrating the Plesk just bounces it back to “a CF issue” when even I know this is not the case.

I appreciate someone at cloudflare pointing us in the correct direction.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.