Articles in this section

See more

Unable to issue/renew a Let's Encrypt certificate in Plesk: Error creating new account :: "" is not a valid e-mail address

Avatar
Kuzma Ivanov
Updated
Follow
Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux

Symptoms

  • A Let's Encrypt certificate cannot be issued for a domain.

  • The following error message appear in /usr/local/psa/admin/logs/panel.log:

    CONFIG_TEXT: ERR [extension/sslit] Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-acct.
    Details:
    Type: urn:ietf:params:acme:error:invalidEmail
    Status: 400
    Detail: Error creating new account :: "" is not a valid e-mail address

    CONFIG_TEXT: ERR [extension/sslit] Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-acct.
    Details:
    Type: urn:ietf:params:acme:error:invalidEmail
    Status: 400
    Detail: Error creating new account :: "" Domain name does not end with a valid public suffix (TLD)

Cause

The email address of the subscription owner is not set at Domains > example.com > Subscription Info (in the right pane) > Subscriber: John Doe > Edit Contact Info (in the right pane):


mceclip0.png

Resolution

  1. Log in to Plesk.

  2. Go to Customers > John Doe > Edit Contact Info (in the right pane) and set an email address for this customer.

    Note: The email address used for Let's Encrypt certificate notifications can be set to another one when issuing a Let's Encrypt certificate.

Comments

1 comment

Sort by Date Votes
  • Avatar
    Ian Simpson

    I've been running the Let's Encrypt plugin for several years. I've always set the notification address for the certificate to some other address. Many customers in our system have no email address like above.

    Earlier this month I was forced to install the SSLIt extension. Since this time, I've been getting a constant stream of emails as above. I have verified that the 'ext-letsencrypt-registrationEmail' parameter is set to the appropriate email address in the database, however it appears when SSLIt tries to renew the domain it is replacing this with the Contact email address.

    I then need to go in and manually reissue the cert, entering the notification address I prefer.

    How can I avoid getting several hundred more of these, and have the system honour my settings?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles