Applicable to:
- Plesk for Linux
Symptoms
-
A Let's Encrypt certificate cannot be issued for a domain.
-
The following error message appear in
/usr/local/psa/admin/logs/panel.log
:CONFIG_TEXT: ERR [extension/sslit] Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-acct.
Details:
Type: urn:ietf:params:acme:error:invalidEmail
Status: 400
Detail: Error creating new account :: "" is not a valid e-mail address
CONFIG_TEXT: ERR [extension/sslit] Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-acct.
Details:
Type: urn:ietf:params:acme:error:invalidEmail
Status: 400
Detail: Error creating new account :: "" Domain name does not end with a valid public suffix (TLD)
Cause
The email address of the subscription owner is not set at Domains > example.com > Subscription Info (in the right pane) > Subscriber: John Doe > Edit Contact Info (in the right pane):
Resolution
-
Go to Customers > John Doe > Edit Contact Info (in the right pane) and set an email address for this customer.
Note: The email address used for Let's Encrypt certificate notifications can be set to another one when issuing a Let's Encrypt certificate.
Comments
1 comment
I've been running the Let's Encrypt plugin for several years. I've always set the notification address for the certificate to some other address. Many customers in our system have no email address like above.
Earlier this month I was forced to install the SSLIt extension. Since this time, I've been getting a constant stream of emails as above. I have verified that the 'ext-letsencrypt-registrationEmail' parameter is set to the appropriate email address in the database, however it appears when SSLIt tries to renew the domain it is replacing this with the Contact email address.
I then need to go in and manually reissue the cert, entering the notification address I prefer.
How can I avoid getting several hundred more of these, and have the system honour my settings?
Please sign in to leave a comment.