Can't Provision SSL Certs

I recently created a new Mail-in-a-Box server. I chose to let my domain registrar do all the DNS stuff. I copied and pasted all of the lines I found under System -> External DNS into the DNS section of my domain registrar's dashboard. My domain is example.com. I added A records for @, www, and mail. When I enter my domain into my browser I am directed to my MIAB server, so I know that DNS is pointed correctly to my server.
Obviously, when I get to my site, my browser tells me that the self-signed MIAB cert is not trusted. When I go to provision my SSL certs it fails. Here is some of the log output I get:

Provisioning TLS certificates for mail.example.com, example.com, www.example.com.
error: mail.example.com, example.com, www.example.com:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for mail.example.com
http-01 challenge for www.example.com
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS 
problem: SERVFAIL looking up A for mail.example.com, www.example.com (http-01): 
urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.example.com, 
example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for 
example.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for
   mail.example.com

   Domain: www.example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for
   www.example.com

   Domain: example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for example.com

I checked the firewall and I don’t have any ports closed to port 80. My Status Checks page doesn’t throw up any red flags. I don’t fully understand why the provisioning script can’t find my server. Any help would be greatly appreciated. Thanks.

Brian
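
An added example, not part of the original posts and not Mail-in-a-Box or certbot code: it parses the "Failed authorization procedure" summary from the log above and reports, per domain, the ACME error type (RFC 8555, section 6.7) and the validation stage at which the CA stopped. The names `triage`, `STAGE` and `SAMPLE` are made up for this example, and the stage descriptions are paraphrases.

```python
import re

# ACME error types (RFC 8555 section 6.7) mapped to the point in http-01
# validation where the CA gave up. Descriptions are paraphrased.
STAGE = {
    "dns": "DNS query failed during validation; no HTTP request was made",
    "connection": "name resolved, but the CA could not connect to the host",
    "unauthorized": "CA got a response, but not the expected challenge token",
}

# One entry: "<domain> (<challenge>): urn:ietf:params:acme:error:<type> :: <detail>"
ENTRY = re.compile(
    r"(?P<domain>[A-Za-z0-9.-]+) \((?P<challenge>[a-z0-9-]+)\): "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: "
    r"(?P<detail>.*?)(?=, [A-Za-z0-9.-]+ \([a-z0-9-]+\): urn:|$)"
)

def triage(log_text):
    """Return {domain: (acme_error_type, stage, detail)} from certbot output."""
    lines = log_text.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if line.startswith("Failed authorization procedure.")), None)
    if start is None:
        return {}
    # certbot wraps the summary across lines; rejoin it up to the blank line
    para = []
    for line in lines[start:]:
        if not line.strip():
            break
        para.append(line.strip())
    flat = " ".join(para)
    return {
        m["domain"]: (m["type"],
                      STAGE.get(m["type"], "see RFC 8555 section 6.7"),
                      m["detail"])
        for m in ENTRY.finditer(flat)
    }

# Excerpt of the log posted above, wrapped the same way.
SAMPLE = """Cleaning up challenges
Failed authorization procedure. mail.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS
problem: SERVFAIL looking up A for mail.example.com, www.example.com (http-01):
urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.example.com,
example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for
example.com

IMPORTANT NOTES:
"""

if __name__ == "__main__":
    for domain, (etype, stage, detail) in triage(SAMPLE).items():
        print(f"{domain}: {etype} -> {stage} ({detail})")
```

All three names fail with type `dns`, so the CA's resolver never obtained an A record and validation stopped before any request reached port 80 on the server.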

Although DNS propagation seems to be good for you, it appears as though not so for Let’s Encrypt. It may be a waiting game. I have seen this before although it is very rare.

If you will PM me your domain name, I can do some checking for you.


I agree with @alento - If you set up DNS properly, it can take up to 48 hours (though not usually this long) for DNS to completely propagate to root DNS servers.
