How to Auto-renew and Issue Plesk Let's Encrypt SSL Certificates with Cloudflare DNS

If you host your website with the Plesk control panel but manage your DNS records at Cloudflare or another third-party DNS provider, such as your domain registrar (GoDaddy, Namecheap, etc.), you have to add the DNS challenge TXT record manually every time you issue or renew an SSL certificate from Let's Encrypt. Renewing the SSL certificate manually every 90 days becomes a problem and puts your site at risk of not having a valid certificate if you forget to renew.

To fix the “Could not issue/renew Let`s Encrypt certificates” issue in the Plesk control panel, follow the instructions given below.

To enable auto-renewal, add the following NS records in your third-party DNS manager.

[Screenshot: Plesk control panel Cloudflare DNS records]

| Host | Type | Record Value |
|------|------|--------------|
| _acme-challenge | NS | yourdomain.com |

Plesk acme challenge DNS records for Cloudflare (main domain)

For sub-domains, as you can see in the screenshot above, use a wildcard certificate so you don’t have to add records manually for every sub-domain. Use the record below if your main domain and sub-domains are hosted on different servers.

| Host | Type | Record Value |
|------|------|--------------|
| _acme-challenge.subdomain | NS | subdomain.yourdomain.com |

Plesk acme challenge DNS records for Cloudflare (sub-domain)

Make sure the DNS manager in the Plesk control panel is running and set to master mode.

[Screenshot: Plesk DNS Settings and Records]

If the DNS mode is not set to master, Plesk will not automatically manage the _acme-challenge TXT record used for the DNS challenge, and issuing or auto-renewing the Let's Encrypt certificate will fail.

After making the required changes, you can verify the setup by issuing a new SSL certificate without manually adding the _acme-challenge TXT record. Also make sure to remove any _acme-challenge TXT records you previously created manually.

[Screenshot: how to verify TXT acme challenge records]

Verify DNS – https://lookmydns.com/
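
The NS delegation itself can also be checked from a shell. The script below is an added example, not part of the original tutorial: it asks one of the zone's own name servers, with recursion off, whether the _acme-challenge name is handed to the expected host. It assumes dig is installed; the function names and the sample arguments are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial). Assumes dig is installed.
# Function names are illustrative.

# Lowercase a DNS name and drop any trailing dot.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Read dig answer/authority lines ("owner TTL IN NS target") on stdin and
# print the NS targets whose owner is NAME.
delegation_targets() {
    awk -v owner="$(norm "$1")." '
        tolower($1) == owner && $3 == "IN" && $4 == "NS" {
            t = tolower($5); sub(/\.$/, "", t); print t
        }'
}

# Succeed if the dig output on stdin delegates NAME to EXPECTED.
is_delegated_to() {
    delegation_targets "$1" | grep -qxF "$(norm "$2")"
}

# Live check. ZONE is the zone hosted at the third-party DNS provider,
# NAME the full _acme-challenge name, EXPECTED the NS record value.
check_acme_delegation() {
    local zone="$1" name="$2" expected="$3" parent_ns
    parent_ns=$(dig +short NS "$zone" | head -n 1)
    if [ -z "$parent_ns" ]; then
        echo "FAIL: no name servers found for $zone"; return 1
    fi
    # The NS record lives in the parent zone, so query that zone's own
    # name server with recursion off and read the referral it returns.
    if dig +norecurse +noall +answer +authority NS "$name" "@$parent_ns" |
        is_delegated_to "$name" "$expected"; then
        echo "OK: $parent_ns delegates $name to $expected"
    else
        echo "FAIL: $parent_ns does not delegate $name to $expected"; return 1
    fi
}

# Main domain:
#   check_acme_delegation yourdomain.com _acme-challenge.yourdomain.com yourdomain.com
# Sub-domain on a different server:
#   check_acme_delegation yourdomain.com _acme-challenge.subdomain.yourdomain.com subdomain.yourdomain.com
```

A FAIL result means the third-party DNS provider is not serving the NS record from the tables above, so Let's Encrypt will not reach the TXT record that Plesk publishes.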
