LetsEncrypt Email Domain IANA Suffix Error


#1

A couple of new sites on our development servers failed to get SSL certificates. The full error when running sudo symbiosis-ssl test1.mydomain.co.uk --verbose was:

!! Failed: Error creating new registration :: email domain name does not end in a IANA suffix

The issue was fixed by adding a file containing a valid email address to /config/ssl/letsencrypt/

Any ideas why this previously worked?


#2

Hi, you don’t mean /config/ssl/letsencrypt, do you? What’s the domain that you’re using? This is a new domain that you’ve registered, is it? What’s the domain?

Why not raise a support ticket with us, if you don’t want to put your domain names in the forum? https://www.bytemark.co.uk/support/

Also, what version of Symbiosis do you have? “cat /etc/debian_version” will tell you.


#3

Hi Ian,

I can confirm the path is correct. I added a text file called “email” in /srv/mydomain.com/config/ssl/letsencrypt/

I didn’t want to post the domain in a public forum. I need to check with the business owner first.

We develop all new sites using site1.mydomain.com, site2.mydomain.com, site3.mydomain.com etc.

In 2018 I set up an in-house development server using Symbiosis on Debian 9.8 (Stretch). No problems with SSLs previously using the test domains.

I can perhaps test this with a different domain if that helps.

By the way, I didn’t submit a support ticket with Bytemark because we’re using Symbiosis on our hardware.

Thanks,

Dom


#4

Hi @domATwork,

Ah, that would explain it - by default, the email address is (off the top of my head) root@[hostname], so if the server itself doesn’t have a full hostname set (so ‘server.local’ rather than ‘server.example.com’) then it’ll probably fail that step with Let’s Encrypt.

As you noticed, adding the email file will override the default for you, so you should be fine.

Hope that helps!


#5

Yup, been looking at this recently (via dovecot sni)… it’ll run with what’s given or "root@"+Symbiosis::Host.fqdn.

Not here, not yet. :slight_smile: The question has always been ‘why did it work before’? Unless the dev host machine name changed we’re searching for the improbable: letsencrypt account policy/enforcement update, someone managed to slip “.localdomain” on to the Public Suffix List - for months, @domAtwork is Russian AI hell bent on disrupting Symbiosis support… Unless we get a decent answer it’s clearly the latter. :slight_smile:


#6

I can confirm all new sites have this problem. I have too much going on to dig deeper.

My new site checklist now includes adding the “email” text file.

Thanks for the input, everyone.


#7

If you need to hard code the address (presumably, because the hostname doesn’t use a world-addressable domain) …

… using /etc/symbiosis/ssl/letsencrypt/email avoids the need for site-level configuration (according to the docs).
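
Added example, not part of any post above and not Symbiosis code: a pre-flight check that works out which contact address a site would register with (site-level `email` file, server-wide `email` file, or `root@` plus the host FQDN) and flags one that would trigger the "does not end in a IANA suffix" error. Assumptions: the function names are hypothetical, the lookup order of the two files is assumed, and `SAMPLE_TLDS` is a constructed subset of the IANA list.

```shell
#!/bin/sh
# Constructed subset of IANA TLDs so the check runs offline; the full list is
# published at https://data.iana.org/TLD/tlds-alpha-by-domain.txt
SAMPLE_TLDS="com net org uk io dev"

# Print the contact address for a site. The order (site-level file, then
# server-wide file, then root@<fqdn>) is an assumption, not taken from Symbiosis.
# $1 = filesystem prefix ("" on a real server), $2 = site domain, $3 = host FQDN
contact_email() {
    for f in "$1/srv/$2/config/ssl/letsencrypt/email" \
             "$1/etc/symbiosis/ssl/letsencrypt/email"; do
        if [ -s "$f" ]; then
            # First non-empty line with whitespace stripped
            tr -d ' \t\r' < "$f" | sed -n '/./{p;q;}'
            return 0
        fi
    done
    printf 'root@%s\n' "$3"
}

# Succeed only if the address's domain has a dot and ends in a listed TLD.
ends_in_iana_suffix() {
    domain=${1##*@}
    case $domain in *.*) ;; *) return 1 ;; esac
    tld=$(printf '%s' "${domain##*.}" | tr 'A-Z' 'a-z')
    for t in $SAMPLE_TLDS; do
        [ "$t" = "$tld" ] && return 0
    done
    return 1
}

# Print the resolved address with a verdict; non-zero exit on a bad address.
check_site() {
    addr=$(contact_email "$1" "$2" "$3")
    if ends_in_iana_suffix "$addr"; then
        echo "OK   $2 -> $addr"
    else
        echo "FAIL $2 -> $addr (domain does not end in an IANA suffix)"
        return 1
    fi
}
```

On a real server, `check_site "" site1.example.com "$(hostname -f)"` reports the address for one site; a FAIL on a host named like `server.local` means an `email` file is needed before requesting the certificate.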