Let's encrypt failing because of local email

SYSTEM INFORMATION
System hostname debian.local (10.0.0.102)
Webmin version 2.202
Virtualmin version 7.30.4
Time on system Saturday, January 25, 2025 10:13 AM

SSL certificate is not being issued because the email is being set as per hostname. i have manually setup a different mail for administrator but how it is taking the hostname as email? the server/domain is accessible.

anyway to fix it?

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Unable to register an account with ACME server. The ACME server believes ns468@debian.local is an invalid email address. Please ensure it is a valid email and attempt registration again.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Let’s encrypt insists on a valid email address when one requests a free SSL certificates that it offers.

That’s not the correct diagnosis.

Use a valid email address when requesting a certificate from Let’s Encrypt - and if that means changing your hostname to a fqdn which resolves, then so be it.

1 Like

Your hostname needs to be a valid hostname so it can be resolved on the internet.

.local is a reserved domain name I believe.

Strange it installed at all

The install logic probably does not do any live tests on the domain but rather just make sure it has a tld and a domain.

I don’t know how much more we can do. We have documented the necessity of a fully qualified domain (that resolves eventually, though it does not have to resolve during installation) in both the short “Download” page and in the longer Installation docs. We also protect against the most common kinds of “local” domain that we’ve seen (slib/slib.sh at d59ba9fdbea916a27a4f6f003b9b10544cad52fa · virtualmin/slib · GitHub).

At some point, we need people to read the documentation.

@aryan give your server a reasonable FQDN and make it resolve (add it to your DNS).

1 Like

.local might not be on the list, I had a quick look at the code. A lot of IoT stuff use this tld and I think it is a reserved TLD for local networks.

I can change the hostname, no issue. but any reason how ssl email is being created? if i set it to vm.example.com, it will create email ns468@vm.example.com for ssl?

Not sure, did you name anything ns468?

ns468.sitename.com is the virtual server i created where ssl is being installed so i assume it is taking the subdomain.sitename.com as subdomain@debian.local email for ssl

@Joe

Let’s distinguish between the hostname of your server and the domain name of your virtual server. Your request for a SSL certificate from Let’s Encrypt is failing because:

If you orginally named the virtualmin server that then the admin email will be ns468@ns468.sitename.com. That may give you a clue on your setup that causing the issue.

One other thing, is a mismatched rDNS causing the issue? Maybe a security check by let’s encrypt.

Let’s Encrypt emits the following error message:

As Joe said, Virtualmin requires to be installed as per the documentation for everything to work normally.