When I first installed mailinabox, it was v0.27 and just gave the helpful error message of “Something went wrong” when I tried to provision a certificate.
After the upgrade (still haven’t gotten the cert) it said it failed because I hadn’t supplied --agreetos and --email flags before running noninteractively. I added those to the cron job. It stilled failed.
I don’t know what’s changed (still no cert), but now it gives this error:
Provisioning TLS certificates for box.<url>, www.<url>. error: box.<url>, www.box.<url>: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Performing the following challenges: http-01 challenge for box.<url> http-01 challenge for www.box.<url> Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. www.box.<url> (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.box.<url>, box.<url> (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for box.overturn.space IMPORTANT NOTES: - The following errors were reported by the server: Domain: www.box.<url> Type: None Detail: DNS problem: SERVFAIL looking up A for www.box.<url> Domain: box.<url> Type: None Detail: DNS problem: SERVFAIL looking up A for box.<url>
The control panel says there are no problems with DNS, and all the webapps work, and I can send and receive mail, so clearly it’s working enough, so I don’t know what wrong and everyone who’s having a Let’s Encrypt problem is having a different problem, or is trying to renew, not get a certificate in the first place.
Edit: I did accept the ACME EULA during install (I even reran sudo mailinabox to confirm that I did. I am removing the DNSSEC record from my domain registrar per this: https://letsencrypt.org/docs/caa/
which I got from this post: DNS problem: SERVFAIL looking up CAA