Could not issue a Let’s Encrypt SSL/TLS certificate. Authorization for the domain failed.


A Let's Encrypt certificate cannot be installed with the following error message:

Invalid response from Details: Type: urn:ietf:params:acme:error:dns Status: 400 Detail: DNS problem: SERVFAIL looking up A for - the domain's nameservers may be malfunctioning

Or with this notice:

Error: Could not issue a Let's Encrypt SSL/TLS certificate for Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address: Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same. Details Invalid response from Details: Type: urn:acme:error:unauthorized Status: 403 Detail: Invalid response from "

  • Either the website was just created on a newly registered domain
  • Or the domain has just been moved.

When a domain is newly registered or just transferred, it takes up to 4 hours for all DNS servers to redirect the domain towards your hosting with us. Please wait this time and then reapply for the SSL certificate.


The domain cannot yet be "resolved" by the DNS servers or no A record exists in the domain's DNS.


  • Check the IP address of the web server where your domain resides. Log in to Plesk and remember the IP address listed in the main screen under your domain.
  • Check if in My Cloud86 under Domain Names > Managing DNS the domain is added to the correct webhosting package. If not, follow this guide. 
  • Verify that the domain can now be resolved on the Internet through a website such as When all DNS servers show green check marks and the correct IP address of the server is listed, you can reapply for the SSL certificate in Plesk.