Error provisioning SSL certificate when parent domain is pointing to another server (v0.27)

I have been using Mailinabox for a while with this config:

I have it in a separate instance, with hostname box.mydomain.com, and I use it to send mail from @mydomain.com

As I am trying to renew the SSL certificate, an error is shown because mydomain.com is pointing to another server (where my website is hosted).

Any ideas to fix this?

Looks like you have 2 custom DNS A records pointing the mydomain.tld and www.mydomain.tld (sub)domains you mentioned to your other web server IP address. Isn’t that so?

  • Then you must call its Let’s Encrypt certificate for the mydomain.tld and www.mydomain.tld (sub)domains you mentioned from the web server where you host your website for them.

I already have those mydomain.tld and www.mydomain.tld correctly provisioned on my other server. I am worried about the box.mydomain.tld SSL certificate, which seems to depend on the other two because Mailinabox can’t renew it.

If the mydomain.tld and www.mydomain.tld are currently pointing to the external web server then, when you call the renewal from your BOX server, only the box.mydomain.tld TLS (https) certificate will be renewed …

The old mydomain.tld and www.mydomain.tld will fail and will not be renewed in the BOX server because they are pointing to an external IP address.

I know it SHOULD work like that but it’s not. Apparently when the external domains can’t be renewed, the BOX certificate isn’t renewed either. Here is the error mail I am getting (some information has been removed, like IPs, etc.):

Something unexpected went wrong: [NeedToInstallFile('http://box.mydomain.tld/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxx', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx')]
TLS certificates could not be provisoned for:
mydomain.tld: Domain control validation cannot be performed for this domain because DNS points the domain to another machine (A 00.000.000.00).
www.mydomain.tld: Domain control validation cannot be performed for this domain because DNS points the domain to another machine (A 00.000.000.00)
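The two “Domain control validation cannot be performed” lines in that error mail come from a pre-check that every name in a certificate request has to pass before the box can even attempt a Let’s Encrypt HTTP-01 challenge: the challenge file is fetched from whatever the name’s A record points at, so a name whose A record points at another machine can never be validated from this box. The script below is an added example, not part of this thread and not Mail-in-a-Box’s own code; it reproduces that check and shows why a request should carry only the names the box actually controls. The domain names, the box address 203.0.113.10 and the web server address 198.51.100.20 are constructed sample values, and `SAMPLE_DNS` stands in for real DNS lookups so the script runs offline.

```python
"""Added example (not Mail-in-a-Box code): the DNS pre-check that decides
which names in a certificate request can pass an HTTP-01 challenge.

For each requested name, resolve its A records and compare them with the
public IP of this box.  A name that resolves elsewhere is reported with
the same kind of message the box's error mail shows, and left out of the
set of names to request, so that it cannot drag the renewal of the
box's own hostname down with it.
"""
import socket
from typing import Callable, Dict, List, Tuple

# A resolver maps a host name to its list of IPv4 addresses (empty if none).
Resolver = Callable[[str], List[str]]


def system_resolver(name: str) -> List[str]:
    """Return the IPv4 A records for name using the operating system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def split_by_control(names: List[str], box_ip: str,
                     resolve: Resolver = system_resolver) -> Tuple[List[str], Dict[str, str]]:
    """Split names into (validatable, problems).

    validatable: names whose A record includes box_ip; only these should go
                 into the certificate request made from this box.
    problems:    name -> explanation for every name that cannot be validated
                 from here (no A record, or A record pointing at another machine).
    """
    validatable: List[str] = []
    problems: Dict[str, str] = {}
    for name in names:
        addrs = resolve(name)
        if not addrs:
            problems[name] = ("Domain control validation cannot be performed for this "
                              "domain because it has no A record.")
        elif box_ip not in addrs:
            problems[name] = ("Domain control validation cannot be performed for this "
                              f"domain because DNS points the domain to another machine "
                              f"(A {addrs[0]}).")
        else:
            validatable.append(name)
    return validatable, problems


def challenge_url(name: str, token: str) -> str:
    """The URL the CA fetches for an HTTP-01 challenge; it is served by whatever
    host the name's A record points at, which is why the check above matters."""
    return f"http://{name}/.well-known/acme-challenge/{token}"


# --- Constructed sample data (assumed values, not real records) ------------
BOX_IP = "203.0.113.10"          # assumed public IP of the Mail-in-a-Box host
SAMPLE_DNS: Dict[str, List[str]] = {
    "box.mydomain.tld": ["203.0.113.10"],   # points at the box
    "mydomain.tld": ["198.51.100.20"],      # points at the external web server
    "www.mydomain.tld": ["198.51.100.20"],  # points at the external web server
}


def sample_resolver(name: str) -> List[str]:
    """Offline stand-in for DNS: look the name up in SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, [])


if __name__ == "__main__":
    requested = ["box.mydomain.tld", "mydomain.tld", "www.mydomain.tld"]
    ok, problems = split_by_control(requested, BOX_IP, sample_resolver)
    print("request the certificate for:", ", ".join(ok))
    for name, why in problems.items():
        print(f"{name}: {why}")
    print("challenge the CA would fetch:",
          challenge_url(ok[0], "TOKEN-PLACEHOLDER"))
```

Run against the sample data it keeps only box.mydomain.tld and reports the other two names with the same “points the domain to another machine” explanation seen in the error mail; with the default `system_resolver` and the box’s real public IP it can be used as a quick pre-flight check before asking the box to provision a certificate.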

CREATE A BACKUP FIRST and try deleting the OLD given single certificate valid for the three (sub)domains - mydomain.tld, www.mydomain.tld and box.mydomain.tld - and call the certificate again as new but for box.mydomain.tld only, this time.

If it still doesn’t work at your end, I surely won’t be able to help further.

Should I delete the files directly or should I use any command line instructions? Can you give me some directions on this, please?

Create a new server snapshot before proceeding (so you always have something to go back to if anything fails)

Through WinSCP:
rename /home/user-data/ssl to /home/user-data/ssl_OLD

Through ssh:
apt-get update && apt-get upgrade && apt-get dist-upgrade -y
apt-get autoremove -y
reboot

Update/upgrade Mail-in-a-Box the same way you did its installation originally:

a) Using the CURL option (for latest official release):

curl -s https://mailinabox.email/bootstrap.sh | sudo bash

b) if you originally installed from git (to always get latest MASTER version):

cd mailinabox
git pull
git checkout
setup/start.sh

At the end of the process a new /home/user-data/ssl folder should be created, and you had (or will have) the option to create the desired certificate for box.mydomain.tld as new.

  • Delete the /home/user-data/ssl_OLD folder.

Did all that and still can see the other domains in my control panel. For now the new certificate is issued but I guess I’ll have the same problem in 3 months :confused: