
Thread: Let's encrypt DNS problem: NXDOMAIN looking up MX for server

  1. #1
    Join Date
    Aug 2018
    Posts
    13

    Let's encrypt DNS problem: NXDOMAIN looking up MX for server

    When I try to create a new SSL certificate, I get the following error (see below).
    The strange thing is that it says NXDOMAIN looking up MX for server, and server is not the full server name; that should be something like server.domain.com.
    So that's why server can't be found, I think, but where can I change server into the server name (server.domain.com)??

    I'm using:
    DA 1.53.4
    Let's encrypt 1.1.10
    Nginx 1.14.0 (reverse proxy)

    Cannot Execute Your Request

    Details

    Generating 4096 bit RSA key for let's encrypt account...
    openssl genrsa 4096 > "/usr/local/directadmin/conf/letsencrypt.key"
    Generating RSA private key, 4096 bit long modulus
    .............................................................++
    .....++
    e is 65537 (0x10001)
    Account registration error. Response: HTTP/1.1 100 Continue
    Expires: Mon, 27 Aug 2018 10:54:14 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache

    HTTP/1.1 400 Bad Request
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 164
    Replay-Nonce: jG6tOA2eqFOQ4N4Yq4RIh-nBJoowrCUBYA44kqXw_tM
    Expires: Mon, 27 Aug 2018 10:54:14 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Mon, 27 Aug 2018 10:54:14 GMT
    Connection: close

    {
    "type": "urn:ietf:params:acme:error:invalidEmail",
    "detail": "Error creating new account :: DNS problem: NXDOMAIN looking up MX for server",
    "status": 400
    }.

  2. #2
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,099
    It seems you have no MX record for the domain you're trying to create the cert for
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  3. #3
    Join Date
    Aug 2018
    Posts
    13
    Thank you for your reply Smtalk,

    The thing is I did make an MX record for the domain....
    Check https://mxtoolbox.com/SuperTool.aspx...e&run=toolpage
    I think the server name is not correct, doesn't it have to be server.domain.com?

  4. #4
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,099
    The following gives no results:
    $ dig mx dgs.one +short

    So, if your admin domain is set to dgs.one, it's trying to use admin@dgs.one as email address, thus, it needs to find MX record for dgs.one domain.
    Martynas Bendorius

  5. #5
    Join Date
    Aug 2018
    Posts
    13
    Thank you very much again Smtalk!

    The following '$ dig mx dgs.one +short' now gives this result: 10 dgs.one.
    So that looks good!
    But dgs.one is not the admin domain but the domain I need a certificate for.

    I've also made an MX record for my server: server.solutit.nl

    So now it has to work, but the error still occurs...

  6. #6
    Join Date
    Apr 2009
    Posts
    2,154
    Your DNS change is likely still propagating, and old DNS is likely still cached on Let's Encrypt DNS resolver. If you use DirectAdmin default TTL, it is 4 hours. So then it should work after 4 hours waiting.

  7. #7
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,464
    It could indeed still be propagating.

    Next to that, remember that if you want to use mail.dgs.one there should be an A record for it.
    At this point an "nslookup mail.dgs.one" does not resolve to any IP address, which it should.
    Greetings, Richard.

  8. #8
    Join Date
    Aug 2018
    Posts
    13
    Thank you very much Ditto and Richard G,

    I know I have to wait for DNS settings. So I did ;-)
    We're 12 hours further now and nothing happens. Let me explain the problem again.
    The error is exactly what I've shown you, so server is not a value that I've chosen, it's what ./letsencrypt.sh tells me.
    But that's not the full server name, that has to be server.solutit.nl, because when you do '$ dig mx server +short' there is no result, and that's what could be expected. But it has to be '$ dig mx server.solutit.nl +short', so where can I change the server name so letsencrypt is searching at server.domain.com and not at server?
    dgs.one is the domain I need a certificate for.

  9. #9
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,099
    May you check the output of:
    Code:
    grep mailto /usr/local/directadmin/conf/letsencrypt.key.json
    Martynas Bendorius

  10. #10
    Join Date
    Aug 2018
    Posts
    13
    Thanks for your reply again!

    There is no file /usr/local/directadmin/conf/letsencrypt.key.json

    Maybe another location?

  11. #11
    Join Date
    Aug 2018
    Posts
    13
    And $ locate letsencrypt.key.json also gives no result....

  12. #12
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,099
    Weird, are you running latest version of letsencrypt.sh?

    Code:
    grep VERSION /usr/local/directadmin/scripts/letsencrypt.sh
    Martynas Bendorius

  13. #13
    Join Date
    Aug 2018
    Posts
    13
    Yes, the output is:

    #VERSION=1.1.10

  14. #14
    Join Date
    Aug 2018
    Posts
    13
    I can't find the .json file but the .key file is present.

    /usr/local/directadmin/data/users/solutit/letsencrypt.key

  15. #15
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,099
    Ah, it's not there, because you cannot go through account registration with an invalid email address. Okay, let's check it this way:
    Code:
    grep '^email=' /usr/local/directadmin/data/users/admin/user.conf | cut -d= -f2 | cut -d, -f1
    Martynas Bendorius

  16. #16
    Join Date
    Aug 2018
    Posts
    13
    While you were typing I discovered that the admin e-mail address was incorrect..... it was admin@server ....... So I've changed it and with the command you provided me the changed (valid) e-mail address showed up!! And NOW it's WORKING!!!

    Thanks a lot!

  17. #17
    Join Date
    Apr 2016
    Posts
    14
    We are experiencing the same issue with renewals:
    Code:
    grep VERSION /usr/local/directadmin/scripts/letsencrypt.sh
    #VERSION=1.1.11
    Code:
    grep '^email=' /usr/local/directadmin/data/users/admin/user.conf | cut -d= -f2 | cut -d, -f1
    admin@server.hostname.com
    Error message:
    Code:
    {
     "type": "urn:ietf:params:acme:error:invalidEmail",
     "detail": "Error creating new account :: DNS problem: NXDOMAIN looking up MX for server.hostname.com",
     "status": 400
    }.
    We are using the following settings:
    Code:
    Common Name: www.example.com
    E-mail address: admin@hostname.com
    Subject Alternative Names: www.example.com, example.com
    Note: the "admin@hostname.com" address is the same domain used for the server name "server.hostname.com". Could it be possible that this issue occurs because we're using an e-mail address from another domain which is also part of the server name?

    Also, it could be that this is a new issue in the current letsencrypt.sh script, because these are renewals and the initial certificate requests didn't have any problems with the above email settings.

    WORKAROUND:
    As a workaround we replaced the e-mail address in "/usr/local/directadmin/data/users/admin/user.conf" with admin@hostname.com which has valid MX records.
    Last edited by tomputer; 09-07-2018 at 01:23 AM.

  18. #18
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,099
    Email address could also be changed in "Message system".
    Martynas Bendorius

  19. #19
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,209
    Faced the same error today. And as a user who faces this error it's very, very unclear what to do. And the user cannot do anything but contact hosting support. So probably you need to check first that admin's email is valid?
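
A pre-flight check along the lines suggested in #19, as an added example that is not part of the thread and not DirectAdmin's own code: it reads the admin address with the pipeline from #15 and runs the `dig mx` lookup from #4 on its domain before any certificate request is made. The function names, the verdict strings and the rule that an empty MX answer counts as a failure are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not DirectAdmin code): check the ACME contact address
# before requesting a certificate.

# First address on the email= line, extracted the same way as in post #15.
admin_email() {
    grep '^email=' "$1" | cut -d= -f2 | cut -d, -f1
}

# MX lookup as used in post #4; kept in its own function so it can be
# replaced by a stub when no resolver is available.
mx_lookup() {
    dig mx "$1" +short
}

# Prints a verdict and returns 0 only if the address's domain has an MX record.
check_contact() {
    email=$1
    case $email in
        *@*) domain=${email#*@} ;;
        *)   echo "no-domain: $email"; return 1 ;;
    esac
    # A bare hostname such as "server" (the case in post #16) is rejected
    # without a DNS query.
    case $domain in
        *.*) ;;
        *)   echo "short-hostname: $domain is not a fully qualified name"; return 1 ;;
    esac
    mx=$(mx_lookup "$domain")
    if [ -z "$mx" ]; then
        echo "no-mx: $domain"
        return 1
    fi
    echo "ok: $domain"
}

# Usage: sh check_contact.sh /usr/local/directadmin/data/users/admin/user.conf
if [ $# -gt 0 ]; then
    check_contact "$(admin_email "$1")"
fi
```

A `no-mx` verdict right after a DNS change may only reflect caching, as noted in #6.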

  20. #20
    Join Date
    Aug 2014
    Posts
    78
    I had this issue and it was blowing my mind; in the end I let it go.
    Freelance Linux and Windows system admin
    LPIC-1 and LPiC-2 certified
    Telegram @sysnasri
    https://web.telegram.org/#/im?p=@sysnasri
    ========================
    5 Years of experience in Web Hosting.
    www.amandahost.com
