[box.xxx.yz] TLS Certificate Provisioning Result

Provisioning TLS certificates for box.xxx.yz.
error: box.xxx.yz:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for box.xxx.yz
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. box.xxx.yz (http-01): urn:ietf:params:acme:error:dns :: During secondary validation: No valid IP addresses found for box.xxx.yz
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: box.xxx.yz
    Type: None
    Detail: During secondary validation: No valid IP addresses found
    for box.xxx.yz

So I did some google-fu and came up with this

"Both of the following DNS records set up for your server. If you are using DigitalOcean, please see our DNS documentation for details on how to add them.
* An A record with example.com pointing to your server’s public IP address.
* An A record with www.example.com pointing to your server’s public IP address."

So I checked my records,
And I only have an A record to my xxx.yz pointing to my public IP address, and I’ve got a CNAME www > @
Which is basically the same as the A record to www, no? Or am I missing something?

Either way, I managed to fix my certificate manually by pushing the Provision button. It’s just not normal though right?

If this was the case, the only issue was that your DNS had not yet propagated when the first attempt was made.

You would not receive a ‘provision’ button otherwise.

That’s weird, right? This box has been up and running for almost a year now?

It can always be just a temporary failure in DNS or the LE servers. Is this a one time thing? How did you become aware?

It was up for renewal, and my box was sending me mails about the failure… This was the second mail I got for this error.

And I just noticed that all the other certificates have renewed just fine. Only the one for box.xxx.yz was the one complaining.

Hard to say with that info alone. Since you’ve mentioned that you’ve been running MiaB for a year, it’s probably just what alento said — temporary issue. Assuming you haven’t changed any DNS recently, anyway.

You can try something like https://letsdebug.net/ from Let’s Encrypt and see if things are set up correctly.

A CNAME is fine. But your Let’s Encrypt error references box.xxx.yz, so your root domain and www shouldn’t matter in this context. The box subdomain should be pointing to your mail server with an A record. In this case, it’s important for it to be an A record because you cannot add other records alongside CNAMEs (unless the DNS provider you’re using has CNAME flattening). None of this should be what your issue comes from though.
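
As an added example (not part of the thread and not Mail-in-a-Box code), this pre-flight check applies the points from the reply above to a record set before a renewal is attempted: it follows CNAMEs to the final A/AAAA records, flags a CNAME that shares its name with other records, and flags names that end without an address an outside validator could reach. The zone contents, `check_name` and the `UNROUTABLE` list are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus loopback: unreachable for an external validator.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample zone (not from the thread): name -> [(type, value), ...]
ZONE = {
    "example.com": [("A", "203.0.113.10"), ("MX", "box.example.com")],
    "www.example.com": [("CNAME", "example.com")],
    "box.example.com": [("A", "203.0.113.10")],
    "mail.example.com": [("CNAME", "box.example.com"), ("TXT", "v=spf1 mx -all")],
    "old.example.com": [("A", "192.168.1.20")],
    "gone.example.com": [("TXT", "placeholder")],
}


def check_name(zone, name, max_hops=8):
    """Follow CNAMEs from `name`; return (usable_addresses, problems)."""
    problems, seen = [], set()
    while name not in seen and len(seen) < max_hops:
        seen.add(name)
        records = zone.get(name, [])
        targets = [v for t, v in records if t == "CNAME"]
        if not targets:
            break  # reached the name that should hold the address records
        if len(records) > 1:
            # A CNAME must be the only record at its name (RFC 1034 section 3.6.2).
            problems.append(f"{name}: CNAME alongside other records")
        name = targets[0]
    else:
        problems.append(f"{name}: CNAME loop or chain too long")
        return [], problems

    addrs = [v for t, v in records if t in ("A", "AAAA")]
    usable = [a for a in addrs
              if not any(ipaddress.ip_address(a) in net for net in UNROUTABLE)]
    if not addrs:
        problems.append(f"{name}: no A or AAAA record")
    elif not usable:
        problems.append(f"{name}: only private or loopback addresses")
    return usable, problems


if __name__ == "__main__":
    for host in ZONE:
        print(host, check_name(ZONE, host))
```

This only inspects the records you feed it; a transient resolver failure like the one suggested in the thread will not show up here and needs a live lookup or a tool such as letsdebug.net.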
