Hostname / Let's Encrypt issue

Flip

When trying to set up Let's Encrypt, I'm getting this error message.
And now I'm not able to login to DirectAdmin (IP.server:2222 redirects to https://vps1.domain.com, but is displaying an error).

Anyone who knows what's going on?
I'm guessing it has something to do with my DNS settings and hostname, so that's why I also attached dig / nslookup (although it might not have anything to do with this, of course).

[root@vps1 scripts]# ./letsencrypt.sh request vps1.domain.com 4096
Setting up certificate for a hostname: vps1.domain.com
Getting challenge for vps1.domain.com from acme-server...
User let's encrypt key has been found, but not registered. Registering...
Account registration error. Response: HTTP/1.1 100 Continue
Expires: Mon, 31 Oct 2016 21:02:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 127
Boulder-Request-Id: 1pO2UX2wvTiYLZGd4SL5yfT70udIJLpOJ7csyFYdMNk
Replay-Nonce: AOSWbOLy5JK7EDczTcGO55qZlM5ge8MK47ZBIKerxRQ
Expires: Mon, 31 Oct 2016 21:02:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 31 Oct 2016 21:02:28 GMT
Connection: close

{
"type": "urn:acme:error:invalidEmail",
"detail": "DNS problem: NXDOMAIN looking up MX for vps1.domain.com",
"status": 400
}.

nslookup domain.com
Server: IP.1
Address: IP.1#53

Non-authoritative answer:
Name: domain.com
Address: IP.server

nslookup vps1.domain.com
Server: IP.1
Address: IP.1#53

** server can't find vps1.domain.com: NXDOMAIN

********************************

dig domain.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.com. IN A

;; ANSWER SECTION:
domain.com. 86400 IN A IP.server

;; Query time: 763 msec
;; SERVER: IP.1#53(IP.1)
;; WHEN: Mon Oct 31 17:14:59 2016
;; MSG SIZE rcvd: 40

dig -x domain.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -x domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2772
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;com.domain.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2015074925 1800 900 604800 3600

;; Query time: 84 msec
;; SERVER: IP.1#53(IP.1)
;; WHEN: Mon Oct 31 17:15:13 2016
;; MSG SIZE rcvd: 105

dig vps1.domain.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> vps1.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47164
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;vps1.domain.com. IN A

;; AUTHORITY SECTION:
domain.com. 86400 IN SOA ns0.xname.org. email.live.com. 2013112401 10800 3600 604800 10800

;; Query time: 3038 msec
;; SERVER: 178.21.112.12#53(178.21.112.12)
;; WHEN: Mon Oct 31 17:21:38 2016
;; MSG SIZE rcvd: 88

dig -x vps1.domain.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -x vps1.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12661
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;com.domain.vps1.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 3545 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2015074925 1800 900 604800 3600

;; Query time: 26 msec
;; SERVER: IP.1#53(IP.1)
;; WHEN: Mon Oct 31 17:16:07 2016
;; MSG SIZE rcvd: 110
 
Hello,

Since you've obfuscated the data, here is a general suggestion:

Make sure you've got the latest version of letsencrypt.sh script:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

and try to install a cert once more.
 
"Let's encrypt client 1.0.1 has been installed." Same issue though...
 
Your hostname does not resolve outside your VPS. The Nameservers (only one responded) have no information about the hostname. So it's a DNS issue, which should be resolved on your nameservers.

Code:
[user@server ~]$ dig +short ANY vps1.example.be @ns0.example.org
;; connection timed out; no servers could be reached
[user@server ~]$ dig +short ANY vps1.example.be @ns1.example.org
[user@server ~]$ dig +short ANY vps1.example.be @ns2.example.org
;; connection timed out; no servers could be reached
[user@server ~]$
 
Thanks for the feedback!
I'm using xname.org, a free DNS-service.

However, my DNS knowledge is only basic (I do know what A-records, etc. are, but I'm not great at configuring this).
What should I do to fix the "resolve"-issue?
 
Alright, seems like I didn't configure it as it should have been...
I have PM'd you my current settings. It would be great if you could take a look at what's wrong (tbh: I am no DNS-expert at all, so there might be some errors...).
I was using xname.org (free DNS), but I'll start using dns.he.net.
 
SOLVED!

Thx a lot @zEitEr.

The DNS issue was solved by switching to dns.he.net (still don't know why, but I'm glad it is now :-) ).

When executing the ./letsencrypt.sh script, I still received the following error:
Error: http://www.vps1.domain.com/.well-known/acme-challenge/letsencrypt_xxxxxxxxxx is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.
Adding www.vps1.domain.com (and mail.xxx, smtp.xxx, pop.xxx & ftp.xxx) to my A-records did the trick, and everything is working fine now :)
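
An added example, not part of the thread or of DirectAdmin's letsencrypt.sh: a pre-flight check for the two failures seen above (hostname NXDOMAIN, then a missing www. record), run before requesting the certificate. The function names and the caller-supplied nameserver are assumptions; the sample strings are constructed from the dig output in the first post.

```shell
#!/bin/sh
# Constructed samples: header and flags lines as printed by dig in the thread.
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47164
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Read full dig output on stdin; print "<rcode> <answer-count>".
# A timeout has no header line at all, so it is reported as NORESPONSE.
dig_summary() {
  awk '
    /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") s = $(i + 1) }
    /^;; flags:/   { for (i = 1; i < NF; i++) if ($i == "ANSWER:") a = $(i + 1) }
    END {
      sub(/,$/, "", s); sub(/,$/, "", a)
      if (s == "") s = "NORESPONSE"
      if (a == "") a = 0
      print s, a
    }'
}

# $1 = name, stdin = dig output. OK only for NOERROR with at least one record;
# NOERROR with zero answers (name exists, no A record) also fails.
verdict() {
  name=$1
  set -- $(dig_summary)
  if [ "$1" = "NOERROR" ] && [ "$2" -gt 0 ]; then
    echo "OK $name"
  else
    echo "FAIL $name ($1, $2 answers)"
  fi
}

# Live use (needs network). $1 = hostname, $2 = nameserver to ask
# (assumption: an authoritative server for the zone, supplied by the caller).
# Checks the hostname and its www. alias, the two names the script needed.
preflight() {
  for n in "$1" "www.$1"; do
    dig +time=3 +tries=1 "$n" A "@$2" | verdict "$n"
  done
}

# Offline demo on the constructed samples.
printf '%s\n' "$SAMPLE_NXDOMAIN" | verdict vps1.domain.com
printf '%s\n' "$SAMPLE_TIMEOUT"  | verdict vps1.domain.com
printf '%s\n' "$SAMPLE_OK"       | verdict www.vps1.domain.com
```

Running `preflight` against each nameserver listed for the zone, rather than the local resolver, shows whether every server the CA might reach gives the same answer.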
 