Invalid Email Error w/ hetzner nextcloud app

I'm trying to determine if this validation error is thrown by letsencrypt or the nextcloud/hetzner installer.

Any insight into why this error is being thrown would be helpful, I would rather not use a dummy address.

LetsDebug says everything is ok: Let's Debug

Running letsencrypt register -m webmaster@tanagra.enterprises was ok.

Running letsencrypt certonly --dry-run was successful.

My domain is:

tanagra.enterprises

I ran this command:

Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-52-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Tue Sep 23 01:40:36 PM UTC 2025

  System load:  0.0               Processes:             128
  Usage of /:   6.8% of 37.23GB   Users logged in:       0
  Memory usage: 30%               IPv4 address for eth0: 5.223.45.74
  Swap usage:   0%                IPv6 address for eth0: 2a01:4ff:2f0:13fa::1


Welcome to the Hetzner Cloud App.

Checkout the documentation at https://docs.hetzner.com

Generated passwords can be found at /root/.hcloud_password

To delete this message of the day: rm -rf /etc/update-motd.d/90-hcloud-app


Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Tue Sep 23 13:29:58 2025 from 124.120.193.30
 _________________________________________________________________________
|                                                                         |
|   Welcome to the Nextcloud One-Click-App configuration.                 |
|                                                                         |
|   In this process Nextcloud will be set up accordingly.                 |
|   You only need to set your desired User, Domain and E-Mail.            |
|   The latter will be used to configure Apache and allow Let's           |
|   Encrypt to obtain a valid SSL Certificate.                            |
|   Please make sure your Domain exists first.                            |
|                                                                         |
|   Please enter the Domain in following pattern: nextcloud.example.com   |
|_________________________________________________________________________|

Please enter your details to set up your new Nextcloud Instance.
Your Domain: cloud.tanagra.enterprises
Your Username [Default=admin]: picard
Password: 
Password (again): 

Is everything correct? [Y/n] y


Do you want to create a Let's Encrypt Certificate for Domain cloud.tanagra.enterprises? 
Note that the Domain needs to exist. [Y/n]: y
Your Email Address (for Let's Encrypt Notifications): webmaster@tanagra.enterprises
Please enter a valid E-Mail.

My web server is (include version):

root@cloud:~# apache2 -v
Server version: Apache/2.4.58 (Ubuntu)
Server built:   2024-10-02T12:40:51

The operating system my web server runs on is (include version):

ubuntu 24

My hosting provider, if applicable, is:

hetzner

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

root@cloud:~# letsencrypt --version
certbot 2.9.0

Try it without providing an email address.

This might be NextCloud's internal email validation pattern issue. Lots of software developers are ignorant to the fact one can have email address with TLD longer than three letters (or any nTLD in general). Try either skipping email address altogether (especially since Let's Encrypt doesn't use it any more), or provide something more conventional, e.g. gmail.com.

Agree. That script might also be validating whether the registration response returns the email address it sent. Let's Encrypt server no longer returns that since they dropped using email addresses for expiration notices.

See: Support Ended for Expiration Notification Emails

If it just needs to look valid, not actually be valid you can probably use whatever@example.com where example.com is literally example.com, not a random domain.

Unfortunately it doesn't let you skip.

Oh I wasn't aware that LE no longer sends out the expiration emails.

Is the purpose of email just for rate limiting? What else is the email used for?

The full details are here: Expiration Notification Service Has Ended - Let's Encrypt

That blog link was also in the thread I linked to about the API

Other Certificate Authorities may still use it (or even require it). It is allowed as part of ACME but LE doesn't use it anymore

Got it, thanks for the docs

fwiw I fully support the premise of this change, seems like a win-win for privacy and costs

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.