Error occurred: Status: 400, Detail: DNS name does not have enough labels, Type: urn:acme:error:malformed

Prajithp / letsencrypt-cpanel

cPanel/WHM plugin for Let's Encrypt client

MIT License

179 stars 61 forks source link

Error occurred: Status: 400, Detail: DNS name does not have enough labels, Type: urn:acme:error:malformed #89

Open will-ashworth opened 7 years ago

will-ashworth commented 7 years ago

This is when generating cert for the following:

WHM/cPanel
Exim
FTP
Dovecot

Now here's the weird part. When I originally installed this plugin 2-3 months ago (on a new cPanel server), it all worked great. Other LE domains are renewing fine, it's the WHM service certs that are not renewing and giving that error:

Error occurred: Status: 400, Detail: DNS name does not have enough labels, Type: urn:acme:error:malformed

CENTOS 7.2 x86_64 virtuozzo – labs  WHM 58.0 (build 32)

Is there a simple fix? It worked once. Not sure why all of a sudden it would stop working.

Prajithp commented 7 years ago

Could you please email me your hostname csr file?

/var/letsencrypt/live//.csr

So that I can check the SAN field and advice you further on this.

will-ashworth commented 7 years ago

Just sent. Thank you for your help @Prajithp

will-ashworth commented 7 years ago

Any luck @Prajithp ?

BeZazz commented 7 years ago

I just noticed this issue also.

will-ashworth commented 7 years ago

I think it has to do with OpenVZ VPS hostname not surviving reboot. For example, if you type hostname and see "myserver", you should try hostname myserver.mycompany.com" so thathostname` outputs the full, correct hostname.

If Lets Encrypt cannot validate a correct hostname, I believe it will fail. This isn't a @Prajithp issue; but rather a server one. Not that a little helpful information upon failure wouldn't be useful. It would be great if this plugin/module could do some debuggery and output possible causes/solutions so that the admin has something more to go on when attempting to troubleshoot this type of issue.

Meanwhile, I'm working on solving this hostname issue on my end. And, I'm curious if @BeZazz or anyone else having this issue is also using Solus for their servers. It's possible that's an across-the-board cause for this particular issue. My other Xen containers aren't having issues like this. Only the OpenVZ containers.

will-ashworth commented 7 years ago

Also, what tipped me off was installing a competing product, and the same issue happening.

BeZazz commented 7 years ago

I think you are correct. The server I had the issue with is CENTOS 7.2 x86_64 virtuozzo and the hostname was incomplete, instead of pluto.domain.com it was only pluto

will-ashworth commented 7 years ago

Well, it appears this is an issue with OpenVZ in general. The only fix I think may work is this...

hostnamectl set-hostname yoursubdomain.yourdomain.com
chattr +i /etc/hostname
reboot

chattr will ensure that even root cannot write to the file to change it. Even on reboot.

If for some reason you want to modify the file again in the future, you can do this:

chattr -i /etc/hostname

@Prajithp @BeZazz

will-ashworth commented 7 years ago

Just rebooted, and this is confirmed working.

MarksEliel commented 7 years ago

I am using VMWare and the error occurs too.