Won't allow me to register as a contact, invalid email?


#1

When I launch Certify, it first prompts me to register as a contact, but won’t accept my valid email address. Says “Oops, you forgot to provide a valid email address.” However, it is valid.

Latest Certify (non beta)
server 2012 R2
firewall is off


#2

Hi, thanks for raising this - the error message occurs in two cases:

  • there is no outgoing https connection on the server, so we can’t talk to the Let’s Encrypt API (i.e. you cannot access https websites in the server’s browser)
  • the email domain does not have MX records (so can’t be a real email address) - this is enforced by Let’s Encrypt.

#3

Thanks for the response.

I don’t think https is blocked because I can browse to the website publicly and reach it, just no certificate. This tells me 443 is open.

The 2nd point is working now, but not sure why. The email domain definitely has an MX record, perhaps the server needed a reboot before being able to run Certify, or perhaps enabling all features in IIS enabled some unmentioned prerequisite to make it work?

There should be an instruction page that is a technical walkthrough of how to set up a new server (including IIS config) / website with Certify. That way we can at least have a working starting point.

A new 2012 r2 server with IIS and a basic html page does not work with Certify. There must be prerequisites not being mentioned.


#4

Thanks, glad you got it working. We should indeed put together a more detailed guide and would hope to have something like that done this year. Regarding the registration step, only .NET 4.5.2 or higher and an outgoing https connection are required - perhaps we were getting a temporary error from the Let’s Encrypt registration API.

Regarding other prerequisites - you do need ASP.NET installed in order for auto configuration to work via the web.config (you need to serve extensionless files from the .well-known/acme-challenge/ path of your website).

Your website ideally needs to be up and running before you use the app as subsequent changes to install a web application can interfere with the configuration (such as app config inheritance etc).


#5

Hello,

I’m having the same problem… FW admin says he doesn’t see any blocked traffic coming from our web server and I tried 4 different email addresses at mail.mil, yahoo.com, gmail.com, and o-day.net. Get the same error every time.

Thanks in advance for any thoughts.


#6

Hi, this is usually a false error caused by outgoing https traffic from your server being blocked by the firewall (or you use a proxy for your internet connection). The app currently doesn’t support using a proxy and requires access to APIs at https://api.certifytheweb.com and https://acme-v01.api.letsencrypt.org (and https://acme-v02.api.letsencrypt.org). A quick test is whether your browser on the server can connect to https://certifytheweb.com or not (or even https://google.com).

When you register the email contact it creates an ‘account’ with Let’s Encrypt, the email address used will be notified if certs are approaching expiry.
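
A way to check both causes named in this thread from the server itself, as an added example that is not part of any post and not Certify's own code. The host list is taken from post #6; the function names and the e-mail address are assumptions made for illustration.

```powershell
# Added diagnostic sketch. Hosts come from post #6; the e-mail address is a constructed placeholder.
param([string]$Email = 'admin@example.com')

# .NET 4.5.x does not offer TLS 1.2 by default, so enable it for this session.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

function Test-OutboundHttps {
    param([string[]]$Urls)
    foreach ($url in $Urls) {
        $row = [pscustomobject]@{ Url = $url; Reachable = $false; Detail = '' }
        try {
            $req = [System.Net.WebRequest]::Create($url)
            $req.Method  = 'HEAD'
            $req.Timeout = 10000
            # Empty WebProxy = direct connection, matching an app without proxy support.
            $req.Proxy   = New-Object System.Net.WebProxy
            $resp = $req.GetResponse()
            $row.Reachable = $true
            $row.Detail = "HTTP $([int]$resp.StatusCode)"
            $resp.Close()
        } catch {
            # Unwrap to the WebException; an HTTP error status still proves the TLS session worked.
            $ex = $_.Exception
            while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
            if ($ex -and $ex.Response) {
                $row.Reachable = $true
                $row.Detail = "HTTP $([int]$ex.Response.StatusCode)"
            } else {
                $row.Detail = $_.Exception.Message
            }
        }
        $row
    }
}

function Test-EmailDomainMx {
    param([string]$Address)
    $domain = ($Address -split '@')[-1]
    # Keep only real MX answers; a domain without MX returns an SOA record instead.
    $mx = @(Resolve-DnsName -Name $domain -Type MX -ErrorAction SilentlyContinue | Where-Object { $_.NameExchange })
    [pscustomobject]@{ Domain = $domain; HasMx = ($mx.Count -gt 0); Exchanges = ($mx.NameExchange -join ', ') }
}

Test-OutboundHttps -Urls @('https://api.certifytheweb.com', 'https://acme-v01.api.letsencrypt.org', 'https://acme-v02.api.letsencrypt.org')
Test-EmailDomainMx -Address $Email
```

Reaching the website on port 443 from outside only shows that inbound traffic is allowed; this script tests the outbound direction that registration depends on.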