DNS problem: SERVFAIL looking up MX

Hello,

I am trying to set up a Let’s Encrypt certificate for the DirectAdmin backend following the documentation of DirectAdmin which can be found here:
https://help.directadmin.com/item.php?id=15

Let’s Encrypt is already working fine for all the domains hosted on the server including the subdomains.

When I run the letsencrypt.sh script I get the following error output:

 ./letsencrypt.sh request da.directup.nl 4096
Setting up certificate for a hostname: da.directup.nl
Getting challenge for da.directup.nl from acme-server...
User let's encrypt key has been found, but not registered. Registering...
Account registration error. Response: HTTP/1.1 100 Continue
Expires: Sun, 02 Oct 2016 16:54:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 130
Boulder-Request-Id: 8KDZdcwWHpTPVFpHBaa3S48SmCG0ExMxBA5uaSGZxl4
Replay-Nonce: UCBd8wYfTdc1qcRh8Ig20qd3kmwIkX4deG9QmaasMSI
Expires: Sun, 02 Oct 2016 16:54:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2016 16:54:24 GMT
Connection: close

{
  "type": "urn:acme:error:invalidEmail",
  "detail": "DNS problem: SERVFAIL looking up MX for da.directup.nl",
  "status": 400
}.

I’ve tried to Google for this error but I can’t find a solution.

Could anybody point me in the right direction?

Looking at the source code for letsencrypt.sh, it appears that the script sets the email address for your Let’s Encrypt account to EMAIL="${USER}@${DOMAIN}", i.e. something like root@da.directup.nl in your case. This is probably not the best approach, as people typically don’t have MX records for subdomains.

I’m not really familiar with DirectAdmin, and this is something they should change on their end (i.e. give users a way to provide an email address), but as a work-around, you could probably modify letsencrypt.sh and change the EMAIL="${USER}@${DOMAIN}" line to something like EMAIL="realaddress@example.com".

That sounds very plausible indeed. I will test it tomorrow morning and report back.

I can confirm that this was the problem.

Hardcoding my email address solved the problem and this topic can be closed.

Thanks for your help!
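
The diagnosis from the answer above, as an added example that is not part of the original thread or of DirectAdmin's script: it reads the problem document out of the response and checks that the name in "detail" is the domain of the account contact address rather than a problem with the certificate hostname itself. The function names and the CONTACT_EMAIL override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the response from the first post, headers trimmed.
SAMPLE_RESPONSE='HTTP/1.1 100 Continue

HTTP/1.1 400 Bad Request
Content-Type: application/problem+json

{
  "type": "urn:acme:error:invalidEmail",
  "detail": "DNS problem: SERVFAIL looking up MX for da.directup.nl",
  "status": 400
}.'

# Print the string value of one field of the problem+json body (stdin).
problem_field() {
    sed -n 's/^[[:space:]]*"'"$1"'":[[:space:]]*"\(.*\)",\{0,1\}[[:space:]]*$/\1/p'
}

# Build the account contact as EMAIL="${USER}@${DOMAIN}" does, unless
# CONTACT_EMAIL (hypothetical override, not a DirectAdmin setting) is set.
contact_email() {
    if [ -n "${CONTACT_EMAIL:-}" ]; then
        printf '%s\n' "$CONTACT_EMAIL"
    else
        printf '%s@%s\n' "$1" "$2"
    fi
}

# Classify a failed registration: invalidEmail concerns the contact address,
# so compare the name in "detail" with the domain part of that address.
diagnose() {
    ptype=$(printf '%s\n' "$1" | problem_field type)
    detail=$(printf '%s\n' "$1" | problem_field detail)
    case $ptype in
        *:invalidEmail)
            failed=${detail##* for }
            if [ "$failed" = "${2#*@}" ]; then
                echo "contact-email-domain:$failed"
            else
                echo "contact-email:$detail"
            fi ;;
        "") echo "no-problem-document" ;;
        *)  echo "other:$ptype" ;;
    esac
}

diagnose "$SAMPLE_RESPONSE" "$(contact_email root da.directup.nl)"
```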
