Problem Getting Let's Encrypt SSL Certs When DNS MX Record Points to Spam Filter

Hi,

We have a spam filter server (MailCleaner) that we use to provide optional spam filtering to clients. The same issue applies to using any spam filter service that uses MX routing to route a domain's mail through a filter. That's pretty much all of them...

In Virtualmin, when you attempt to obtain a letsencrypt SSL certificate for a domain, it will fail:

 Validating configuration for heritageadvisorycorp.com ..
.. errors were found, which will prevent Let's Encrypt from issuing a certificate :

    BIND DNS domain : This domain has email enabled, but none of the MX records mc.virtualarchitects.com mc2.virtualarchitects.com point to it. Either the MX records should be corrected, or the email feature disabled if mail is hosted externally. 

Further, there appears to be no way to work around this problem, short of rerouting the domain's mail directly to the Virtualmin server.

Am I missing a setting somewhere?

Thanks in advance,

G

Status: Active
Virtualmin version: 6.14
Webmin version: 1.970

Comments

Submitted by Ilia on Fri, 01/22/2021 - 09:47

Hi,

Thanks for contacting us.

> Further, there appears to be no way to work around this problem, short of rerouting the domain's mail directly to the Virtualmin server. Am I missing a setting somewhere?

Yes, you can set "Skip tests" for the "Check connectivity first" option on the SSL Certificate > Let's Encrypt page.

Well crumb!

I tried that and it didn't work. I just tried it on another domain and it did work!

I think I had two issues, as I was also trying to obtain a wildcard certificate. In the meantime, I implemented the fix in this post for the dns-01 issue with a DNS slave:

https://www.virtualmin.com/comment/820064#comment-820064

Thanks much,

G