No MX record for domain foo.bar


#1

Hello i try to get my certificate

I run LE client with this command:

./letsencrypt-auto -a manual --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth

I get this error after typing my mail address

Error: malformed :: The request message was malformed :: Error creating new registration :: No MX record for domain foo.bar

That is my configuration of my DNS Zone

$TTL 86400
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015110505 86400 3600 3600000 86400)
IN NS ns19.ovh.net.
IN NS dns19.ovh.net.
IN MX 1 redirect.ovh.net.
IN A 12.34.56.78
IN AAAA 2001:bc8:cafe::1
www IN CNAME foo.bar.

I didn’t know why he said i didn’t have a MX record.


#2

Hi Zarloc, you are not alone: I have the same problem.


#3

if you have a “normal” email address try that. I also use my Gmail address since that’s the most reliable one.


#4

My Gmail address is unfortunately not whitelisted…
This is why i want to use my domain linked email.


#5

does the email have to be whtelisted as well? oh my god.
at the very least the domain is not linked to the email, since I have 2 domains reuqested with different emails and I used one to create a SAN, flawlessly.


#6

you can add another email to the whitelist with the google forms.


#7

well yeah but that takes time.


#8

No, I just tried, it worked in 1 minute


#9

maybe because it is for the same domain. I requested some new subdomains today and I have nothing yet.


#11

yeah but at the form you have to enter both email and target domains. and maybe because already listed domain quals to new one it was approved immediately.


#13

well they should ask for a domain and a contact email.


#15

then how were you contected that you were whitelisted?

also I have the form here:

https ://docs.google.com/forms/d/15Ucm4A20y2rf9gySCTXD6yoLG6Tba7AwYgglV7CKHmM/viewform?edit_requested=true

and it wants both target domain and email.

take off the space, for some reason it wants to include the whole form…


#17

but how do the whitelist an email address?
technically I wondered why there was an email whitelistin system, because of the client says email not whitelisted how is that done? so essentially it has to be the contact address it’s the only logical thing, especially because the whois address cannot be one from the target domain because you didnt own the domain nor the email address at the point where the domain was registered and the whois email confirmed…


#19

so there’s only 2 ways where LE gets your email: a) the form b) the client, and if the client does checks where does the data come from? obviously the form.


#20

@Zarloc: Are you still having this problem? We’ve been having some issues with DNS timeout in prod, and they might be reported incorrectly as “No MX record.” I’m working on a change to report them better.

As someone suggested: the email you supply in the beta form doesn’t have to be the same as the one you use to register using the client.


#21

is there a way from end user end to check if DNS timeout issues is a problem on Letsencrypt server end ?


#22

You can prefix links in a new line with a space to prevent oneboxing.


#23

@jsha: I just do the test without MX record error, i can go to acme verification. Meanwhile I turned to another email address, but it’s good to hear you correct this error.