LE renewals requesting for non-existent subdomain

almost all of my virtual servers are set up to renew monthly “domains associated with this server”, which encompass domain.tld and www.domain.tld.

but suddenly that list includes mail.domain.tld as well. and since i don’t have “mail” configured in my external dns for any of my virtual server domains it’s causing errors upon renewal.

now i can’t help but suspect the issue is related to, only hours before the LE issue, my temporarily adding a record to one virtual server’s dns in virtualmin for a host named “mail”.

so how do i get the “domains associated with this server” back down to domain.tld and www.domain.tld?

arg! going to have to manually specify domains for all my virtual servers until this is resolved. got subscribers flipping out over inboxes being filled with renewal failure messages.

anyone know where the list of “domains associated with this server” comes from?

Same problem here.
Until I would say one month ago, everything worked just fine for domain.tld and www.domain.tld.
Now, I keep getting failures because the script tries for domain.tld, www.domain.tld and mail.domain.tld.
The weird part is that the error states it cannot find www.mail.domain.tld.

Performing the following challenges:

http-01 challenge for domain.tld
http-01 challenge for www.domain.tld
http-01 challenge for mail.domain.tld


Failed authorization procedure. mail.domain.tld (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mail.domain.tld

it’s funny no one knows how/why this happened, or where the list comes from. this doesn’t seem to be that obscure a matter.

There’s a fix for this rolling out to all repos right now. It should be available for Ubuntu/Debian right now, and for CentOS in a few more minutes (I upgraded our repo generation scripts to also generate DRPMs, so it’s taking forever to build all those diff RPMs).

Sorry for the inconvenience, y’all. It was supposed to be a nice new feature (it was requested by several folks who wanted mail certificates to be easier to set up), but it led to some real cranky behavior on systems that didn’t have a mail domain set up that could also be reached via web.