Secure webmail doesn't work

My domain is: Achille

I ran this command: I tried to secure web mail (http://webmail.copyself.com)

It produced this output:
( Encountered issues while issuing the certificate for webmail.copyself.com
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/212467618177.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up A for webmail.copyself.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webmail.copyself.com - check that a DNS record exists for this domain )

My web server is (include version): Plesk Obsidian v18.0.51

The operating system my web server runs on is (include version): Ubuntu 20.04.6 LTS

My hosting provider, if applicable, is: www.online.net

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Wordpress 6.1.1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ???

As the message explains, you don't have an A (for IPv4) or AAAA (for IPv6) record in your DNS. The HTTP Challenge requires one or both. And, anyone trying to use your webmail will also need that to locate your IP.

3 Likes
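The check described in the reply above, written as a pre-flight test to run before requesting a certificate. This is an added example, not part of the original thread and not code from Let's Encrypt, Plesk or Let's Debug. The function names (`build_query`, `classify`, `http01_preflight`, `query`) are hypothetical and the two sample response headers are constructed.

```python
import os
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Encode a single-question DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def classify(response):
    """Return (rcode_name, answer_count) from a raw DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    return RCODES.get(flags & 0x000F, f"RCODE{flags & 0x000F}"), ancount

def http01_preflight(results):
    """results maps "A"/"AAAA" to classify() output; returns (ok, reason)."""
    # Simplification: the answer count also includes CNAME records.
    if any(rc == "NOERROR" and n > 0 for rc, n in results.values()):
        return True, "at least one lookup returned answers"
    if all(rc == "NXDOMAIN" for rc, _ in results.values()):
        return False, "name does not exist in public DNS; add an A or AAAA record"
    return False, "name exists but has no A/AAAA record, or the lookup failed"

def query(name, qtype, server, timeout=3.0):
    """Ask one DNS server over UDP (needs network access)."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (server, 53))
        data = s.recv(4096)
    if data[:2] != txid.to_bytes(2, "big"):
        raise ValueError("response ID does not match query")
    return classify(data)

# Constructed samples: DNS headers only (NXDOMAIN, and NOERROR with one answer).
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)
SAMPLE_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    nx = classify(SAMPLE_NXDOMAIN)
    print(http01_preflight({"A": nx, "AAAA": nx}))
    print(http01_preflight({"A": classify(SAMPLE_ANSWER), "AAAA": nx}))
```

Pointing `query` at each authoritative name server of the zone, rather than at a local resolver, shows what the CA's resolver will ultimately see.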

You can't obtain a certificate from a publicly trusted root CA for a private, and or an unregistered, domain using HTTP-01 authentication.

3 Likes

The copyself.com domain has been registered for over 23 years.

Creation Date: 2000-02-04T09:38:44Z

3 Likes

Using Let's Debug yields these results https://letsdebug.net/webmail.copyself.com/1416058

NoRecords
Fatal
No valid A or AAAA records could be ultimately resolved for webmail.copyself.com. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.
No A or AAAA records found.

I do see a DNS A Record for mail.copyself.com

3 Likes

@Bruce5051 Wow, very odd Let's Debug result to say no A/AAAA records. Even unboundtest.com can see the A record
https://unboundtest.com/m/A/mail.copyself.com/EL43LPOX

@Achille Can you show the result for a fresh cert request?

EDIT: My bad. I was using mail.copyself.com not webmail.

3 Likes

Dig (DNS lookup) doesn't find anything for webmail.copyself.com.
As far as the world is concerned, webmail.copyself.com doesn't exist.

2 Likes

@MikeMcQ but I do not believe https://unboundtest.com/ finds anything for webmail.copyself.com
https://unboundtest.com/m/A/webmail.copyself.com/UX4ZWWUI , at least for me on this run.

2 Likes

You are right. I posted my edit / correction just before you posted. I used the mail subdomain and not webmail.

3 Likes

True.
But webmail shows NXD, so that FQDN must be private.
So, the "and" in my sentence should have been an "or an":
[updated to:]
You can't obtain a certificate from a publicly trusted root CA for a private, and or an unregistered, domain using HTTP-01 authentication.

3 Likes

It's probably better to specify "subdomain" in this case instead of "domain" when talking about the webmail subdomain. And perhaps "unregistered" is also not the term I personally would use for a subdomain. Perhaps "unconfigured" or "unknown" is better? This is to make the distinction between a subdomain, which one can usually easily add in their DNS zone editor, and a "registered domain", for which you (usually) need to pay a registrar money.

5 Likes

Hi guys and thank you all for replies,

I'm going to share more details with you:

1 - DNS Settings for [copyself.com]

2 - DNS Settings From Plesk Tool & Settings

3 - DNS Server Settings for [www.bookmyname.com]

4 - DNS OF YOUR DOMAIN [www.bookmyname.com]

I tried to add IPv6 but it doesn't exist (or I can't find it).

Thanks,

1 Like

Yeah, no, most of those hosts/values are actually NOT configured in the authoritative name servers for copyself.com. E.g., if I look at www.copyself.com, I'm getting an A RR from ns[abc].bookmyname.com and not the CNAME you're showing here. So I have no clue where these "DNS Settings" are from, but they aren't actually working.

Same goes for this.

3 Likes
