Error occurred: Status: 400, Detail: DNS name does not have enough labels, Type: urn:acme:error:malformed

[will-ashworth]

This is when generating cert for the following:

• WHM/cPanel
• Exim
• FTP
• Dovecot

Now here's the weird part. When I originally installed this plugin 2-3 months ago (on a new cPanel server), it all worked great. Other LE domains are renewing fine, it's the WHM service certs that are not renewing and giving that error:

Error occurred: Status: 400, Detail: DNS name does not have enough labels, Type: urn:acme:error:malformed

CENTOS 7.2 x86_64 virtuozzo – labs  WHM 58.0 (build 32)

Is there a simple fix? It worked once. Not sure why all of a sudden it would stop working.

[Prajithp]

Could you please email me your hostname csr file?

/var/letsencrypt/live//.csr

So that I can check the SAN field and advice you further on this.

[will-ashworth]

Just sent. Thank you for your help @Prajithp

[will-ashworth]

Any luck @Prajithp ?

[BeZazz]

I just noticed this issue also.

[will-ashworth]

I think it has to do with OpenVZ VPS hostname not surviving reboot. For example, if you type hostname and see "myserver", you should try hostname myserver.mycompany.com" so thathostname` outputs the full, correct hostname.

If Lets Encrypt cannot validate a correct hostname, I believe it will fail. This isn't a @Prajithp issue; but rather a server one. Not that a little helpful information upon failure wouldn't be useful. It would be great if this plugin/module could do some debuggery and output possible causes/solutions so that the admin has something more to go on when attempting to troubleshoot this type of issue.

Meanwhile, I'm working on solving this hostname issue on my end. And, I'm curious if @BeZazz or anyone else having this issue is also using Solus for their servers. It's possible that's an across-the-board cause for this particular issue. My other Xen containers aren't having issues like this. Only the OpenVZ containers.

[will-ashworth]

Also, what tipped me off was installing a competing product, and the same issue happening.

[BeZazz]

I think you are correct.
The server I had the issue with is CENTOS 7.2 x86_64 virtuozzo
and the hostname was incomplete, instead of pluto.domain.com it was only pluto

[will-ashworth]

Well, it appears this is an issue with OpenVZ in general. The only fix I think may work is this...

hostnamectl set-hostname yoursubdomain.yourdomain.com
chattr +i /etc/hostname
reboot

chattr will ensure that even root cannot write to the file to change it. Even on reboot.

If for some reason you want to modify the file again in the future, you can do this:

chattr -i /etc/hostname

@Prajithp @BeZazz

[will-ashworth]

Just rebooted, and this is confirmed working.

[MarksEliel]

I am using VMWare and the error occurs too.