LetsEncrypt keeps failing

ozzWANTED · Apr 18, 2021

I have latest DA + Installatron + Ubuntu 16.04.

I can enable LetsEncrypt for www and without, but not for pop, ftp, smtp, imap.

This what happens:

Bash:

1

2021/04/18 23:21:04 [INFO] [<DOMAIN>.com, ftp.<DOMAIN>.com, imap.<DOMAIN>.com, mail.<DOMAIN>.com, pop.<DOMAIN>.com, smtp.<DOMAIN>.com, www.<DOMAIN>.com] acme: Obtaining SAN certificate

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952311

2021/04/18 23:21:06 [INFO] [ftp.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952312

2021/04/18 23:21:06 [INFO] [imap.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952313

2021/04/18 23:21:06 [INFO] [mail.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952314

2021/04/18 23:21:06 [INFO] [pop.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952317

2021/04/18 23:21:06 [INFO] [smtp.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952319

2021/04/18 23:21:06 [INFO] [www.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952323

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [pop.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [pop.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [ftp.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [ftp.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [imap.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [imap.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [mail.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [mail.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [smtp.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [smtp.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [www.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [www.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:17 [INFO] [<DOMAIN>.com] The server validated our request

2021/04/18 23:21:17 [INFO] [pop.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:23 [INFO] [pop.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:23 [INFO] [ftp.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:30 [INFO] [ftp.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:30 [INFO] [imap.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:35 [INFO] [mail.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:39 [INFO] [mail.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:39 [INFO] [smtp.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:46 [INFO] [smtp.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:46 [INFO] [www.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:50 [INFO] [www.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:50 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952311

2021/04/18 23:21:51 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952312

2021/04/18 23:21:51 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952313

2021/04/18 23:21:51 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952313

2021/04/18 23:21:51 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952314

2021/04/18 23:21:51 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952317

2021/04/18 23:21:52 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952319

2021/04/18 23:21:52 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952323

2021/04/18 23:21:52 Could not obtain certificates:

    error: one or more domains had a problem:

[imap.<DOMAIN>.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for imap.<DOMAIN>.com - check that a DNS record exists for this domain, url:

Certificate generation failed.

Daniel_Dog · Apr 18, 2021

ozzWANTED said:

I have latest DA + Installatron + Ubuntu 16.04.

I can enable LetsEncrypt for www and without, but not for pop, ftp, smtp, imap.

This what happens:

Bash:

1

2021/04/18 23:21:04 [INFO] [<DOMAIN>.com, ftp.<DOMAIN>.com, imap.<DOMAIN>.com, mail.<DOMAIN>.com, pop.<DOMAIN>.com, smtp.<DOMAIN>.com, www.<DOMAIN>.com] acme: Obtaining SAN certificate

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952311

2021/04/18 23:21:06 [INFO] [ftp.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952312

2021/04/18 23:21:06 [INFO] [imap.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952313

2021/04/18 23:21:06 [INFO] [mail.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952314

2021/04/18 23:21:06 [INFO] [pop.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952317

2021/04/18 23:21:06 [INFO] [smtp.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952319

2021/04/18 23:21:06 [INFO] [www.<DOMAIN>.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952323

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [pop.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [pop.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [ftp.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [ftp.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [imap.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [imap.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [mail.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [mail.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [smtp.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [smtp.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [www.<DOMAIN>.com] acme: Could not find solver for: tls-alpn-01

2021/04/18 23:21:06 [INFO] [www.<DOMAIN>.com] acme: use http-01 solver

2021/04/18 23:21:06 [INFO] [<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:17 [INFO] [<DOMAIN>.com] The server validated our request

2021/04/18 23:21:17 [INFO] [pop.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:23 [INFO] [pop.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:23 [INFO] [ftp.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:30 [INFO] [ftp.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:30 [INFO] [imap.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:35 [INFO] [mail.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:39 [INFO] [mail.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:39 [INFO] [smtp.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:46 [INFO] [smtp.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:46 [INFO] [www.<DOMAIN>.com] acme: Trying to solve HTTP-01

2021/04/18 23:21:50 [INFO] [www.<DOMAIN>.com] The server validated our request

2021/04/18 23:21:50 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952311

2021/04/18 23:21:51 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952312

2021/04/18 23:21:51 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952313

2021/04/18 23:21:51 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952313

2021/04/18 23:21:51 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952314

2021/04/18 23:21:51 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952317

2021/04/18 23:21:52 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952319

2021/04/18 23:21:52 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12440952323

2021/04/18 23:21:52 Could not obtain certificates:

    error: one or more domains had a problem:

[imap.<DOMAIN>.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for imap.<DOMAIN>.com - check that a DNS record exists for this domain, url:

Certificate generation failed.

It says it failed because of imap.<DOMAIN>.com

Could you check that it is a A record? And fully resolved?

ozzWANTED · Apr 18, 2021

It's added in standard way of direct admin.

<DOMAIN>.com.	A	213.252.247.112
	ftp	A	213.252.247.112
	mail	A	213.252.247.112
	pop	A	213.252.247.112
	smtp	A	213.252.247.112
	www	A	213.252.247.112
	<DOMAIN>.com.	NS	ns1.<MY HOSTING>.lt.
	<DOMAIN>.com.	NS	ns2.<MY HOSTING>.lt.
	<DOMAIN>.com.	MX	10 mail

ozzWANTED · Apr 18, 2021

Probably it is a bug in DirectAdmin core, as I added many domains. And it appears imap record is not created at all for none of domains. Then I go and add LetsEncrypt. Standard admin way.

Richard G · Apr 18, 2021

ozzWANTED said:
It's added in standard way of direct admin.

No it's not a bug. Imap is not created by default by directadmin. People normally just use mail for both incoming and outgoing mail, also for imap.
However, it might be good that it would be created by default nowadays.

ozzWANTED said:
but not for pop, ftp, smtp, imap.

They should be created if you select them or have them as default selection present (but then they must exist) and in case of wildcard certificates.

Check if in directadmin.conf both:
enable_ssl_sni=1
mail_sni=1
are both set this way.

LetsEncrypt keeps failing

ozzWANTED

Verified User

Daniel_Dog

Verified User

ozzWANTED

Verified User

ozzWANTED

Verified User

Richard G

Verified User