System checks fail, Domain won't resolve anymore, Let's Encrypt won't

It’s been a week and I have read probably every thread on here. I’m stumped.

I’m on DigitalOcean (fresh droplet!) and GoDaddy.

  1. My system check doesn’t show correctly, although I have done the host names and DNS.

  2. Let’s Encrypt gets an error, even if I use ZeroSSL or some other service.

  3. My domain name used to resolve correctly. But it stopped. I haven’t made any changes since launch.

  4. I can access the admin and mail using the IP address.

  5. I have added an additional domain. It sends and receives email just fine.

What am I doing wrong?

Here are my checks.

System

All system services are running.
:heavy_multiplication_x:

The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option ‘PasswordAuthentication no’ in /etc/ssh/sshd_config, and then restart the openssh via ‘sudo service ssh restart’.

System software is up to date.

Mail-in-a-Box is up to date. You are running version v0.43.

System administrator address exists as a mail alias. [administrator@box.ozonagram.com ↦ me@box.ozonagram.com]

The disk has 20.22 GB space remaining.

System memory is 44% free.

Network

Firewall is active.

Outbound mail (SMTP port 25) is not blocked.

IP address is not blacklisted by zen.spamhaus.org.

box.ozonagram.com
:heavy_multiplication_x:

Nameserver glue records are incorrect. The ns1.box.ozonagram.com and ns2.box.ozonagram.com nameservers must be configured at your domain name registrar as having the IP address 165.227.41.173. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.
:heavy_multiplication_x:

This domain must resolve to your box’s IP address (165.227.41.173) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above.

Reverse DNS is set correctly at ISP. [165.227.41.173 ↦ box.ozonagram.com]

Hostmaster contact address exists as a mail alias. [hostmaster@box.ozonagram.com ↦ administrator@box.ozonagram.com]
:heavy_multiplication_x:

The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar’s control panel to set the nameservers to ns1.box.ozonagram.com; ns2.box.ozonagram.com.

Domain’s email is directed to this domain. [box.ozonagram.com has no MX record, which is ok]

Postmaster contact address exists as a mail alias. [postmaster@box.ozonagram.com ↦ administrator@box.ozonagram.com]

Domain is not blacklisted by dbl.spamhaus.org.
:heavy_multiplication_x:

The TLS (SSL) certificate for this domain is currently self-signed. You will get a security warning when you check or send email and when visiting this domain in a web browser (for webmail or static site hosting).
?

This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS record, you must follow the instructions provided by your domain name registrar and provide to them this information:

autoconfig.box.ozonagram.com
:heavy_multiplication_x:

This domain should resolve to your box’s IP address (A 165.227.41.173) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

autodiscover.box.ozonagram.com
:heavy_multiplication_x:

This domain should resolve to your box’s IP address (A 165.227.41.173) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

www.box.ozonagram.com
:heavy_multiplication_x:

This domain should resolve to your box’s IP address (A 165.227.41.173) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

Why am I not seeing any references to the base domain in your system status page? Have you edited ANYTHING? @dazza

I haven’t edited anything. I don’t recall being asked for the base domain anywhere in the instructions. That may be a good clue.

Rerun sudo mailinabox … when it gets to the hostname, enter box.ozonagram.com and when it asks you for an email address use miab@ozonagram.com.

Then let me know what happens. Oh, and feel free to come to Slack.
https://mailinabox.email/slack

I did as you asked - but it did not ask for an email address. Straight to:

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://165.227.41.173/admin

Seriously? Hmmm … let me put on my thinking cap.

Ok @dazza … I remembered that step incorrectly, or it changed. I had expected it to prompt again for the admin user email address but it did not.

So … I am fairly certain that your problem is that you have no email addresses on the root domain. That is my guess. So … add an email user for the root domain please.

Yay! That cracked it.

I added in a user with the base domain.

That created a link to a DNSSEC which did not exist before. (I had put in the box.domain DNSSEC. Which maybe I should not have done.)

Now the provision Let’s Encrypt showed up. And everything is green now.

So thank you.

(And yes, showing the real info is bad security but it’s just me - no one is going to get hurt.)


So the question I have is how we got there???

You said it was working originally? Did you perhaps remove the email address(es) on the base domain? Or was this a completely new install?

If a completely new install - did you modify the email address requested as the initial email address … from what I recall, normally one would enter the hostname as box.domain.com and the initial email address will prompt to be me@domain.com. But I noticed yours was me@box.domain.com.

I am just trying to find the bug … as this behaviour did not appear in earlier releases of MiaB … but you are not the first one to have this problem recently.

@joshdata - a heads up on this.

Let’s see.

  1. It was a fresh install.

  2. I’m pretty sure it offered up ‘me@box.ozonagram.com’ on set up.

  3. When I set it up originally, it did resolve at box.ozonagram and ozonagram.com - but almost nothing was green. However, I subsequently did the DNSSEC and days later it stopped. I’m sure that is related because I did the DNSSEC originally on box not the base domain.

I’d bet the issue is on #2.
