When I first installed mailinabox, it was v0.27 and just gave the helpful error message of “Something went wrong” when I tried to provision a certificate.
After the upgrade (still haven’t gotten the cert) it said it failed because I hadn’t supplied --agreetos and --email flags before running noninteractively. I added those to the cron job. It still failed.
I don’t know what’s changed (still no cert), but now it gives this error:
Provisioning TLS certificates for box.<url>, www.<url>.
error: box.<url>, www.box.<url>:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for box.<url>
http-01 challenge for www.box.<url>
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.box.<url> (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.box.<url>, box.<url> (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for box.overturn.space
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.box.<url>
Type: None
Detail: DNS problem: SERVFAIL looking up A for
www.box.<url>
Domain: box.<url>
Type: None
Detail: DNS problem: SERVFAIL looking up A for box.<url>
The control panel says there are no problems with DNS, and all the webapps work, and I can send and receive mail, so clearly it’s working enough, so I don’t know what’s wrong and everyone who’s having a Let’s Encrypt problem is having a different problem, or is trying to renew, not get a certificate in the first place.
I checked the admin panel again to try to manually provision a certificate instead of waiting for the email to come in at 3am and it said there were package upgrades, so I did that, then I did a dist-upgrade to upgrade the three it held back, then I rebooted the VPS since the admin panel said that the packages were still not upgraded. Now I cannot connect to the admin panel. I can ssh into the server, which seems to be running fine. But now Firefox can't establish a connection to <IP>. Maybe DNS is having a problem because I removed the DS record (I didn’t think leaving it up would be a problem, since I added it before I found out that DNSSEC isn’t available for my domain. So.).
I don’t know.
This link:
makes it sound like it has something to do with authoritative nameservers, but it’s not really the problem I’m having (I don’t think? I let the box handle nameservers) and every other post on this forum with the word “SERVFAIL” involves CAA, port 53, or “nsd”, whatever that is.
Edit 1: Also, I checked the systems status page (admin panel), reran sudo mailinabox and rebooted. I just wanted to add that I did in fact try those first, just like the maintenance guide said. I am now trying the curl command used for updating.
Edit 2: No dice. sudo mailinabox and curl completed without user input (I tried both (the first again) after rebooting the box), because I already have an account with Let’s Encrypt. Note that I had to accept the EULA earlier today when I reran sudo mailinabox the first time. Please let this be a DNS-needs-to-propagate issue.
My desktop email client connected just fine to the server, and the “confirm your account” emails for this forum (I wound up using a different email) finally went through.
Also, there’s a new post in /r/sysadmin.
My domain registrar is having issues.
It’s clearly time for bed. I’ll be back with news (hopefully good) tomorrow.
Nginx isn’t running. That’s why there’s no admin panel. But service nginx restart just says “fail”, systemctl isn’t a command, and I don’t even know what the problem is anymore.
root@box:~# service nginx reload
* Reloading nginx configuration nginx [fail]
root@box:~# service nginx restart
* Restarting nginx nginx [fail]
root@box:~# service nginx status
* nginx is not running
root@box:~#
root@box:~# nginx -t
nginx: [emerg] unexpected end of file, expecting ";" or "}" in /etc/nginx/sites-enabled/index.html:10
nginx: configuration file /etc/nginx/nginx.conf test failed
root@box:~#
root@box:~# rm /etc/nginx/sites-enabled/index.html
root@box:~# nginx -t
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Still no admin panel though (just in case that’s your next question)
I just restarted nginx and now I have the admin panel. Now provisioning the certificate (the original problem) asks for a CAA record, which there are many threads on here, so hopefully I can fix that.
YW … so are you back to where you started with the same error?
If so, try this …
If you want, back up the /home/user-data/ssl directory somewhere safe, then remove ALL its contents and run the ssl_certificates.py under the ~/mailinabox/management/ directory.
No, it said it needed a CAA record, not an A record like it wanted in the first place. I did try what you said though. But then I used the custom DNS page to add the CAA record, and it worked perfectly.