Wildcard domain: The request message was malformed :: Error creating new order :: DNS name does not have enough labels


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
beta.mentormarket.io - wordpress multisite need certificate for *.beta.mentormarket.io

I ran this command:
./certbot-auto certonly -dns-rfc2136 -d "*.beta.mentormarket.io" -d "beta.mentormarket.io" --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:

(E)xpand/(C)ancel: e
Renewing an existing certificate
An unexpected error occurred:
The request message was malformed :: Error creating new order :: DNS name does not have enough labels
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
Apache2 - Ubuntu standard

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

Hi @TheCrazyGM

this error happens, if you have something like “io” as domain name. Labels are the word between the dots of a domain name. But I don’t see such an error.

What says


#3
root@beta:/var/log/letsencrypt# tail -f letsencrypt.log
    return self.net.post(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 1123, in post
    return self._post_once(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 1137, in _post_once
    return self._check_response(response, content_type=content_type)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 997, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Error creating new order :: DNS name does not have enough labels
2018-11-03 21:28:23,043:ERROR:certbot.log:An unexpected error occurred:
2018-11-03 21:28:23,043:ERROR:certbot.log:The request message was malformed :: Error creating new order :: DNS name does not have enough labels

#4

Is being interpreted as -d ns-rfc2136 .

You need --dns-rfc2136.


#5

You are using -dns-rfc2136 so certbot thinks you are trying to specify a domain name with -d param, use --dns-rfc2136

Edit: @_az was faster than me :wink:


#6

Thank you both, that is at least progress.

root@beta:~/certbot# ./certbot-auto certonly --dns-rfc2136 -d “*.beta.mentormarket.io” -d “beta.mentormarket.io” --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.a
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested dns-rfc2136 plugin does not appear to be installed
The requested dns-rfc2136 plugin does not appear to be installed


#7

The DNS plugins aren’t included in certbot-auto.

Since you’re on Ubuntu 18.04, you can install Certbot and the dns-rfc2136 plugin with apt, either from Ubuntu’s repositories (getting an older version) or using the Certbot PPA.

sudo apt install certbot python3-certbot-dns-rfc2136

#8

Just for the records, the recommended way is to use the official packages for Ubuntu or the PPA as @mnordhoff said, but if you still want to install it using certbot-auto you could use this command (as root):

/opt/eff.org/certbot/venv/bin/pip install certbot-dns-rfc2136

Warning: If certbot-auto is updated you will lose this plugin and you would need to install it again.


#9

Thanks everyone for the fast response, this has been resolved.