Request Lets Encrypt module broken

lovemussell · 2018-01-02 23:25:47 UTC

NethServer Version: 7.4.1708 (Final)
Module: Server Certificte > Request new lets encrypt cert

Im having an issue requesting lets encrypt certs through the webUI. The logs show it is using a mistyped email domain. I am not sure how to fix this, changing the email field on the request page isn’t fixing it. I’ve tried to signal-event nethserver-letsencrypt-update, signal-event system-init and running through the first time setup config first.

It has the incorrect spelling cached on the lets encrypt request page whenever I go to request another. I’ve tried requesting it via cerbot through cli and it appears to work, but doesn’t display them on the Server Certificate module.

[root@ns ~]# cat /var/log/letsencrypt/letsencrypt.log

{
  "type": "urn:acme:error:invalidEmail",
  "detail": "Error creating new registration :: DNS problem: NXDOMAIN looking up MX for nethworksandchill.com",
  "status": 400
}
2018-01-02 23:11:46,200:DEBUG:acme.client:Storing nonce: fbc9CfOFEPOKkjpxut2f1yLg9UmU3kV1U5SHnOCs0QM
2018-01-02 23:11:46,200:DEBUG:certbot.main:The ACME server believes randy@nethworksandchill.com is an invalid email address. Please ensure it is a valid email and attempt registration again.

lovemussell · 2018-01-02 23:38:46 UTC

to be clear, when I request a cert I am trying to use @networksandchill.com domain, not @nethworksandchill.com. It’s not letting me correct this from the webUI.

hopefully this makes sense:

mrmarkuz · 2018-01-03 07:11:15 UTC

Could it be that the commas in “Domains” are wrong? I don’t have them, when I try to request a cert on my servers.

Found two threads, where just trying again a few times helped:

stephdl · 2018-01-03 10:32:00 UTC

Yep it works without commas on my server

lovemussell · 2018-01-03 15:46:16 UTC

Well is not the commas. It should accept them anyway as certbot through cli says you can spaces and or commas for separating sub domains. Regardless, I get the same error when using a single domain without spaces and commas. The module is trying to use a misspelled domain Wich doesn’t have a MX record behind it. Please see the error more closely, im not able to correct the notification email error using the server certificate module.

danb35 · 2018-01-03 15:48:29 UTC

Can you try it without entering an email address at all, or does the Neth panel make the email address mandatory? Let’s Encrypt will happily issue without an email address.

lovemussell · 2018-01-03 15:57:21 UTC

I will try that out. I’m pretty sure that the method nethserver is using to handle the let’s encrypt auth/domain verification requires it, but I may be wrong.

danb35 · 2018-01-03 15:59:02 UTC

No, no flavor of validation through Let’s Encrypt requires an email address. They’ll take one, but it’s purely optional. The Neth panel might make it mandatory, but if so, that’s entirely on the Neth side.

filippo_carletti · 2018-01-03 15:59:41 UTC

It’s optional.

lovemussell · 2018-01-03 16:25:46 UTC

The panel still returns an error that the acme server could not create an account when I exclude the email. I’m on mobile at the moment but I’ll see what the logs say now when I get to a computer. Thanks for the help so far everyone

giacomo · 2018-01-04 07:38:14 UTC

The error is quite clear:

Remove the mail from the web interface or use a valid one

dnutan · 2018-01-04 09:45:20 UTC

This might give us some clues:

config getprop pki LetsEncryptMail
grep -r 'randy@nethworksandchill.com' /etc/letsencrypt/accounts/