[SOLVED] Let's Encrypt not working?

Discussion in 'Installation/Configuration' started by Cris Kolkman, Nov 28, 2016.

  1. Cris Kolkman

    Cris Kolkman Member


    Just installed a fresh Debian 8.6 server with ISPConfig using the documentation provided by ISPConfig.
    According to the documentation the Let's Encrypt SSL certs should be created automatically when you enable the checkbox "Let's Encrypt SSL", but when I save the website and go back into the website config again, the checkbox is disabled again and the site is not using any cert, getting this error:

    An error occurred during a connection to webmail4.pro-shells.eu. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    What could be the problem?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. Cris Kolkman

    Cris Kolkman Member

    Hello Till,

    Only thing I see in the letsencrypt log is this:

    root@mailserver02:/var/log/letsencrypt# tail letsencrypt.log
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 558, in obtain_cert
    le_client = _init_le_client(config, auth, installer)
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 368, in _init_le_client
    acc, acme = _determine_account(config)
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 359, in _determine_account
    "Unable to register an account with ACME server")
    Error: Unable to register an account with ACME server
  4. Cris Kolkman

    Cris Kolkman Member

    I now see this error in the letsencrypt log:

    Error: The ACME server believes [email protected] is an invalid email address. Please ensure it is a valid email and attempt registration again.
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    maybe you need an MX record for sub4.domain.com? I don't know if they test (via smtp) that it's a valid recipient or not, but try an MX record first.
  6. Cris Kolkman

    Cris Kolkman Member

    Hello Jesse,

    I don't know why but I tried it a few times and suddenly it got accepted and the SSL cert was created.
    I'll see what happens when the cert needs a renewal, when it's needed I'll create an MX record for that subdomain.

Share This Page