No MX record for domain foo.bar

Zarloc · November 5, 2015, 12:34am

Hello i try to get my certificate

I run LE client with this command:

./letsencrypt-auto -a manual --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth

I get this error after typing my mail address

Error: malformed :: The request message was malformed :: Error creating new registration :: No MX record for domain foo.bar

That is my configuration of my DNS Zone

$TTL 86400
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015110505 86400 3600 3600000 86400)
IN NS ns19.ovh.net.
IN NS dns19.ovh.net.
IN MX 1 redirect.ovh.net.
IN A 12.34.56.78
IN AAAA 2001:bc8:cafe::1
www IN CNAME foo.bar.

I didn't know why he said i didn't have a MX record.

nowgoo · November 5, 2015, 8:05am

Hi Zarloc, you are not alone: I have the same problem.

My1 · November 5, 2015, 8:12am

if you have a “normal” email address try that. I also use my Gmail address since that’s the most reliable one.

Zarloc · November 5, 2015, 3:15pm

My Gmail address is unfortunately not whitelisted…
This is why i want to use my domain linked email.

My1 · November 5, 2015, 3:35pm

does the email have to be whtelisted as well? oh my god.
at the very least the domain is not linked to the email, since I have 2 domains reuqested with different emails and I used one to create a SAN, flawlessly.

Zarloc · November 5, 2015, 4:53pm

you can add another email to the whitelist with the google forms.

My1 · November 5, 2015, 4:54pm

well yeah but that takes time.

Zarloc · November 5, 2015, 4:55pm

No, I just tried, it worked in 1 minute

My1 · November 5, 2015, 5:22pm

maybe because it is for the same domain. I requested some new subdomains today and I have nothing yet.

My1 · November 5, 2015, 5:26pm

yeah but at the form you have to enter both email and target domains. and maybe because already listed domain quals to new one it was approved immediately.

My1 · November 5, 2015, 5:28pm

well they should ask for a domain and a contact email.

My1 · November 5, 2015, 5:35pm

then how were you contected that you were whitelisted?

also I have the form here:

https ://docs.google.com/forms/d/15Ucm4A20y2rf9gySCTXD6yoLG6Tba7AwYgglV7CKHmM/viewform?edit_requested=true

and it wants both target domain and email.

take off the space, for some reason it wants to include the whole form…

My1 · November 5, 2015, 5:42pm

but how do the whitelist an email address?
technically I wondered why there was an email whitelistin system, because of the client says email not whitelisted how is that done? so essentially it has to be the contact address it’s the only logical thing, especially because the whois address cannot be one from the target domain because you didnt own the domain nor the email address at the point where the domain was registered and the whois email confirmed…

My1 · November 5, 2015, 5:57pm

so there’s only 2 ways where LE gets your email: a) the form b) the client, and if the client does checks where does the data come from? obviously the form.

jsha · November 11, 2015, 5:56am

@Zarloc: Are you still having this problem? We’ve been having some issues with DNS timeout in prod, and they might be reported incorrectly as “No MX record.” I’m working on a change to report them better.

As someone suggested: the email you supply in the beta form doesn’t have to be the same as the one you use to register using the client.

eva2000 · November 11, 2015, 2:04pm

is there a way from end user end to check if DNS timeout issues is a problem on Letsencrypt server end ?

kelunik · November 11, 2015, 3:26pm

You can prefix links in a new line with a space to prevent oneboxing.

Zarloc · November 11, 2015, 4:27pm

@jsha: I just do the test without MX record error, i can go to acme verification. Meanwhile I turned to another email address, but it’s good to hear you correct this error.