Provisioning certificates in MIAB

Help with Setup
#1

Hi

my domain is registed at Namecheap. However when I try to provision a certificate, I get the following error.

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Performing the following challenges: http-01 challenge for domain.com http-01 challenge for autoconfig.domain.com http-01 challenge for autodiscover.domain.com http-01 challenge for mta-sts.domain.com http-01 challenge for www.domain.com Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. mta-sts.domain.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for mta-sts.domain.com - the domain's nameservers may be malfunctioning IMPORTANT NOTES: - The following errors were reported by the server: Domain: mta-sts.domain.com Type: None Detail: DNS problem: SERVFAIL looking up A for mta-sts.domain.com - the domain's nameservers may be malfunctioning

Ive set the nameservers to ns1.box.domain.com and ns2.box.domain.com in namecheap.

Thanks for any ideas.

#2

@isuru99

There is a whole huge thread concerning mta-sts. Check that thread out.

The problem is that the DNS A record for the subdomain mta-sts is not there. I do not recall what the solution is… iirc you either need to add it manually, or it appears after some time. I did not read that thread thoroughly, so check it out.

#3

I did find the solution to the problem. 1st is waiting till DNS records propagated. However that was not enough.

Although I DID open all incoming ports at DO, I had to open ALL TCP & UDP to get the certificates activated. I can’t understand why. ( Yes, I confirmed many times that 80,443 were open). But everything works now. I just had to let DNS records propagate and open all ports. But I will close them now.

#4

The next problem I had was that my sent emails landing on Gmails SPAM folder. Immediately after I verified via a TXT record in MIAB what Google said (https://postmaster.google.com/managedomains) my emails now land on the inbox. My MIAB works well now! Thanks guys.

#5

Make sure that everything in the status checks is passing. If something isn’t passing, please post what the problem is.

When you are not using MiaB as the DNS server, be sure to carefully go through and create the records listed on the External DNS page of the MiaB admin dashboard.

For MTA-STS, make sure you have the TXT record configured for _mta-sts.example.com - that is an easy one to overlook.

#6

Thanks. Everything is green now. Sorry, I quite did not understand what you meant. Why would I not use MiaB’s DNS?

1 Like
#7

I only mean if you are choosing not to. There can be various reasons people will choose to do this, such as domains that only want to use the mail service bur require other services be hosted some place else.

I was not recommending you to not use it.

1 Like
#8

Understood. I will keep that in mind and Thanks!

#9

Hi the DNS settings under “external”, they are already applied right? All of them? Even the ones that say as “recommended”? Or do I have to manually copy them and apply them in the “custom DNS”?

Thanks for the clarification.

#10

The external DNS settings are just to tell people what to enter if they are not using MiaB as the DNS server.

If you are currently using the MiaB DNS server for the domain, then MiaB will automagically configure all of those settings for you.

The Custom DNS is for when you want to add your own custom DNS record for one of your domains that is different from what MiaB configures.

#11

Understood. That’s really cool!

#12

It has been several days since I set my MiaB. Here is a short passage about my experience thus far. I hope its not rude to post it on the forum. My MiaB is installed in DO and domain is registered at Namecheap.

I was using Protonmail(PM)before I made the shift. I left Protonmail due major lacking functionality. I must mention though, I had no issues with trust contrary to how I felt with Google products. I was a protonmail paid user.

  1. No functionality to program filters to enable mail redirections to other addresses based on any condition.
  2. Extreme cost. The cost increases a unbearably as domains, storage size increase.
  3. No matter how much people attest otherwise, even their paid support is unacceptable.
  4. Force inclusion of “sent by protonmail” upon each update for Android and no options to disable this even for paid users.

It sounds very well like I am trying to put Protonmail down but what I want to say is that I suffered enough at their hands. The point is I am absolutely in love with what MiaB offers. Its just what I need.

  1. It offers a simple to use email solution. The Roundcude functionality. Roundcube doesn’t look at good as Outlook or Gmail. But RoundCube’s functionality is hands down far far superior.

  2. I can run the setup multiple times. I don’t know why but its a nice feature of MiaB.

  3. Functionality for additional domains is excellent. Just add the nameservers and set an alias and everything just works!

  4. Nextcloud is tighly integrated. Apps are disabled for probably security reasons but the out of box functionalit is just right for Nextcloud.

  5. Webhosting is out of the box! I do not have to spend time or money configuring a different server to host my personal page. I use MiaB and I save money.

  6. I installed wireguard (my favourite VPN) and it works so great within the MiaB. No conflicts yet. I know I am not supposed to change the box but I just made this exception and it did not break my MiaB.

  7. Automated backups of my data makes me stress less. Ive made an image of my Digital Ocean server and if MiaB someday gives an error, I will get that image up and running in no time.

  8. I am not an IT administrator. MiAB still offered me great instructions to make my own email box. MiAB helped me do email right without wasting my time. That is a huge plus.

I am yet to see some downsides of MiaB. I do not think MiaB is without any down sides. May be I will find them in future and I will post any if I find. But I do would like to thanks the developers for making MiaB possible. Thank you very much.

1 Like
#13

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.