Can't Provision SSL Certs

B_DubHay · December 20, 2018, 2:53pm

I recently created a new Mail-in-a-Box server. I chose to let my domain registrar do all the dns stuff. I copied and pasted all of the lines I found under System -> External DNS into the dns section of my domain registrars dashboard. my domain is example.com. I added A records for @, www, and mail. When i enter my domain into my browser i am directed to my MIAB server so I know that dns is pointed correctly to my server.
obviously when i get to my site, my browser tells me that the self signed MIAB cert is not trusted. When i go to provision my ssl certs it fails. here is some of the log output i get

Provisioning TLS certificates for mail.example.com, example.com, www.example.com.
error: mail.example.com, example.com, www.example.com:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for mail.example.com
http-01 challenge for www.example.com
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS 
problem: SERVFAIL looking up A for mail.example.com, www.example.com (http-01): 
urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.example.com, 
example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for 
example.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for
   mail.example.com

   Domain: www.example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for
   www.example.com

   Domain: example.com
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for example.com

I checked the firewall and I don’t have any ports closed to port 80. My Status Checks page doesn’t throw up any red flags. I don’t fully understand why the provisioning script can’t find my server. Any help would be greatly appreciated. Thanks.

Brian

alento · December 20, 2018, 4:47pm

Although DNS propagation seems to be good for you, it appears as though not so for Let’s Encrypt. It may be a waiting game. I have seen this before although it is very rare.

If you will PM me your domain name, I can do some checking for you.

murgero · December 20, 2018, 6:18pm

I agree with @alento - If you setup DNS properly, it can take up to 48 hours (though not usually this long) for DNS to completely propagate to root DNS servers.

system · December 27, 2018, 6:18pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.