System Status Checks
System
β
All system services are running.
β
The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option 'PasswordAuthentication no' in /etc/ssh/sshd_config, and then restart the openssh via 'sudo service ssh restart'.
β
System software is up to date.
β
Mail-in-a-Box is up to date. You are running version v55.
β
System administrator address exists as a mail alias. [administrator@box.test.com.com β¦ staff@test.com.com]
β
The disk has 12.45 GB space remaining.
β
System memory is 74% free.
Network
β
Firewall is active.
β
Outbound mail (SMTP port 25) is not blocked.
β
IP address is not blacklisted by zen.spamhaus.org.
box.test.com.com
β
DNSSEC 'DS' record is set correctly at registrar.
β
Nameserver glue records are correct at registrar. [ns1/ns2.box.test.com.com β¦ 93.145.24.47]
β
Domain resolves to box's IP address. [box.test.com.com β¦ 93.145.24.47 / 1b12:1a4:a137:89ad::1]
β
Your box's reverse DNS is currently box.test.com.com (IPv4) and [Not Set] (IPv6), but it should be box.test.com.com. Your ISP or cloud provider will have instructions on setting up reverse DNS for your box.
β
The DANE TLSA record for incoming mail is correct (_25._tcp.box.test.com.com).
β
Hostmaster contact address exists as a mail alias. [hostmaster@box.test.com.com β¦ staff@test.com.com]
β
Domain's email is directed to this domain. [box.test.com.com β¦ 10 box.test.com.com]
β
MTA-STS policy is missing: STSFetchResult.NONE
β
Postmaster contact address exists as a mail alias. [postmaster@box.test.com.com β¦ staff@test.com.com]
β
Domain is not blacklisted by dbl.spamhaus.org.
β
The TLS (SSL) certificate has a problem: The certificate is expiring soon: The certificate expires in 4 days on 2021-12-04.
test.com.com
β
DNSSEC 'DS' record is set correctly at registrar.
β
Nameservers are set correctly at registrar. [ns1.box.test.com.com; ns2.box.test.com.com]
β
Domain's email is directed to this domain. [test.com.com β¦ 10 box.test.com.com]
β
MTA-STS policy is missing: STSFetchResult.NONE
β
Postmaster contact address exists as a mail alias. [postmaster@test.com.com β¦ staff@test.com.com]
β
Domain is not blacklisted by dbl.spamhaus.org.
β
Domain resolves to this box's IP address. [test.com.com β¦ 93.145.24.47; 1b12:1a4:a137:89ad::1]
β
The TLS (SSL) certificate has a problem: The certificate is expiring soon: The certificate expires in 3 days on 2021-12-03.
β
www.test.com.com: Domain resolves to this box's IP address. [www.test.com.com β¦ 93.145.24.47; 1b12:1a4:a137:89ad::1]
β
www.test.com.com: The TLS (SSL) certificate has a problem: The certificate is expiring soon: The certificate expires in 3 days on 2021-12-03.
β
autoconfig.test.com.com: Domain resolves to this box's IP address. [autoconfig.test.com.com β¦ 93.145.24.47; 1b12:1a4:a137:89ad::1]
β
autoconfig.test.com.com: The TLS (SSL) certificate has a problem: The certificate is expiring soon: The certificate expires in 3 days on 2021-12-03.
β
autodiscover.test.com.com: Domain resolves to this box's IP address. [autodiscover.test.com.com β¦ 93.145.24.47; 1b12:1a4:a137:89ad::1]
β
autodiscover.test.com.com: The TLS (SSL) certificate has a problem: The certificate is expiring soon: The certificate expires in 3 days on 2021-12-03.
/var/log/letsencrypt/letsencrypt.log
2021-11-29 07:59:42,390:DEBUG:certbot.main:certbot version: 0.31.0
2021-11-29 07:59:42,391:DEBUG:certbot.main:Arguments: ['--register-unsafely-without-email', '--agree-tos', '--config-dir', '/home/user-data/ssl/lets_encrypt']
2021-11-29 07:59:42,391:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-11-29 07:59:42,398:DEBUG:certbot.log:Root logging level set at 20
2021-11-29 07:59:42,399:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-11-29 07:59:42,400:INFO:certbot.client:Registering without email!
2021-11-29 07:59:42,625:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-11-29 07:59:42,629:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-11-29 07:59:45,103:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-11-29 07:59:45,105:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 29 Nov 2021 12:59:45 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"GlxnFiVohXQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-11-29 07:59:45,106:DEBUG:acme.client:Requesting fresh nonce
2021-11-29 07:59:45,106:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-11-29 07:59:45,265:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-11-29 07:59:45,267:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 29 Nov 2021 12:59:45 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00020HWVWUz4LBIlexWynlpLoQr8NA6Rgs_QC4LlmYc9n0c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-11-29 07:59:45,267:DEBUG:acme.client:Storing nonce: 00020HWVWUz4LBIlexWynlpLoQr8NA6Rgs_QC4LlmYc9n0c
2021-11-29 07:59:45,269:DEBUG:acme.client:JWS payload:
b'{\n "termsOfServiceAgreed": true,\n "resource": "new-reg"\n}'
2021-11-29 07:59:45,277:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInMyWjZkWUxURzgxRHBhc0NFVEVQZzR6elkzMGprODZ0ekdyTHMyYURQOGg5elNkRDFXMW9EM1BHcWg1S1VnLTJLOUJ3UHZfT1V4SmJPUzBWRC1rbXEwbWJyVGRfN1ZwX1JRcTVPYVlEQWFiZEZwM2RfY29NTUhjNkQyVDFjSVNEdzdOd3NqdWNCN083YlljS1dUbjR0b3VNSHlIeVR3Z0MyVWtvb3lUa3o2dWd0Tm44SVE4blBjMUxnRjFQRDk4enZUb25TYW1ST2w0VUxmemxaSThaRktJbVdjd0pEZTNRUjNqeGhocE13Yi10a01XYnM1eTlhYTZWcXEySlVYbzVPcGtadGFDMkcxNWgzcmxsQ2dpbGh1bEVsbXhFemVyZmRyNFZfcDBPWktKZ3lVRm5HbWNHRDFBYnlORHB5cDctY21VT2FzQktOS1BFTXkzZllwcFJYUSIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMDAwMjBIV1ZXVXo0TEJJbGV4V3lubHBMb1FyOE5BNlJnc19RQzRMbG1ZYzluMGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0In0",
"signature": "X6nRNW-rNOx1w6F8oTmtAG7iY4b38BWpVh0iFO0k0aeIhwg1F9onp8mgGjFvIVxQHu80l0L85MXnFE2amJd3lR3fdoYbi1rRx79djXeeuhvgYImo2GCHv26OqAvjCLoqFD0Nrbg4KK1wbk7rKsyBtBm1AR6v26YTwrJZgLiSmMsYrOqaAkjSmW0eKQ7FHCAb1XDkednvU8kr6E4C6rTlHZKMeVqVHcvWskaER5ErSNZNTvXcaz98_3ZST1rBmPMiTxzKTSN6glofgOTwgJSipLy9SgiEAmwX5C51eGduuAIeFccbPGh00qe5h0RSylogduNStxOPtuUzTCx5ZwNHMg",
"payload": "ewogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUsCiAgInJlc291cmNlIjogIm5ldy1yZWciCn0"
}
2021-11-29 07:59:45,902:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 517
2021-11-29 07:59:45,903:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 29 Nov 2021 12:59:45 GMT
Content-Type: application/json
Content-Length: 517
Connection: keep-alive
Boulder-Requester: 300182020
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/300182020
Replay-Nonce: 0001gPg1FDGa1su5IRQLBFdp2lbnSfgsURpBLuZYR8Zd0wU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"key": {
"kty": "RSA",
"n": "s2Z6dYLTG81DpasCETEPg4zzY30jk86tzGrLs2aDP8h9zSdD1W1oD3PGqh5KUg-2K9BwPv_OUxJbOS0VD-kmq0mbrTd_7Vp_RQq5OaYDAabdFp3d_coMMHc6D2T1cISDw7NwsjucB7O7bYcKWTn4touMHyHyTwgC2UkooyTkz6ugtNn8IQ8nPc1LgF1PD98zvTonSamROl4ULfzlZI8ZFKImWcwJDe3QR3jxhhpMwb-tkMWbs5y9aa6Vqq2JUXo5OpkZtaC2G15h3rllCgilhulElmxEzerfdr4V_p0OZKJgyUFnGmcGD1AbyNDpyp7-cmUOasBKNKPEMy3fYppRXQ",
"e": "AQAB"
},
"initialIp": "2a01:4f9:c011:43ce::1",
"createdAt": "2021-11-29T12:59:45.815440295Z",
"status": "valid"
}
2021-11-29 07:59:45,903:DEBUG:acme.client:Storing nonce: 0001gPg1FDGa1su5IRQLBFdp2lbnSfgsURpBLuZYR8Zd0wU
2021-11-29 07:59:46,039:DEBUG:certbot.reporter:Reporting to user: Your account credentials have been saved in your Certbot configuration directory at /home/user-data/ssl/lets_encrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
2021-11-29 08:10:16,191:DEBUG:certbot.main:certbot version: 0.31.0
2021-11-29 08:10:16,193:DEBUG:certbot.main:Arguments: ['--non-interactive', '-d', 'test.com,autoconfig.test.com,autodiscover.test.com,mta-sts.test.com,www.test.com', '--csr', '/tmp/tmpbjpdzyd1', '--cert-path', '/tmp/tmpwd4uc1sj/cert', '--chain-path', '/tmp/tmpwd4uc1sj/chain', '--fullchain-path', '/tmp/tmpwd4uc1sj/cert_and_chain.pem', '--webroot', '--webroot-path', '/home/user-data/ssl/lets_encrypt/webroot', '--config-dir', '/home/user-data/ssl/lets_encrypt']
2021-11-29 08:10:16,193:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-11-29 08:10:16,206:DEBUG:certbot.log:Root logging level set at 20
2021-11-29 08:10:16,207:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-11-29 08:10:16,208:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-11-29 08:10:16,208:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fbb1ebef4a8>
Prep: True
2021-11-29 08:10:16,209:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fbb1ebef4a8> and installer None
2021-11-29 08:10:16,209:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-11-29 08:10:16,274:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1234, in certonly
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 605, in _init_le_client
acc, acme = _determine_account(config)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 513, in _determine_account
acc = display_ops.choose_account(accounts)
File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 86, in choose_account
"Please choose an account", labels, force_interactive=True)
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 507, in menu
self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['box.test.com@2021-09-16T04:09:37Z (73a6)', 'box.test.com@2019-12-15T10:55:18Z (f43e)', 'box.test.com@2021-09-16T05:27:03Z (3c61)']