Hi,

My SSL certificate has been verified by mailcow, it's strange. I have forced a renewal but it doesn't work.
Do you have the same problem?

As stated here, you need port 80 open for the acme-client to work when performing a Let's Encrypt certificate renewal:
Advanced SSL - mailcow: dockerized documentation (docs.mailcow.email)

Make sure port 80 inbound to your server and container is permitted, then restart the container and monitor logs:

docker compose restart acme-mailcow
docker compose logs --tail=200 -f acme-mailcow


    aaronsmith Hi,

    My ports 80 and 443 are open.
    This is my screenshot

    Make sure you don’t have any external firewalls blocking inbound HTTP traffic to your server. Outbound may be fine, but inbound HTTP on port 80 does not appear to be working for you.

    That’s evident from the message shown in your logs “…but HTTP validation failed”

    From outside of your server (e.g. your workstation, something outside the network where your mailcow server resides), verify connectivity to port 80:

    nc -zv <server-ip> 80

    If it works you should see a message similar to the following:

    Connection to <ip> port 80 [tcp/http] succeeded!

      aaronsmith

      My ports are open internally and externally. I can access them with the local IP address of the machine and with my domain name from outside.

      Double check your IP <-> hostname domain mapping, make sure name lookup and IP lookup are proper.

      You could try disabling the HTTP check (section “Validation errors and how to skip validation”):
      Advanced SSL - mailcow: dockerized documentation (docs.mailcow.email)

      As stated there:

      You can also skip this validation method by setting SKIP_HTTP_VERIFICATION=y in “mailcow.conf”. Be warned that this is discouraged. In most cases, the HTTP verification is skipped to workaround unknown NAT reflection issues, which are not resolved by ignoring this specific network misconfiguration.

      But again, you have some kind of misconfiguration that’s preventing validation from completing, which can get you rate limited by Let's Encrypt.

      If you encounter problems with “HTTP validation”, but your IP address confirmation succeeds, you are most likely using firewalld, ufw or any other firewall, that disallows connections from br-mailcow to your external interface. Both firewalld and ufw disallow this by default. It is often not enough to just stop these firewall services. You’d need to stop mailcow (docker compose down), stop the firewall service, flush the chains and restart Docker.

        aaronsmith
        Changing the parameters and setting them to default generated a good SSL certificate, thanks for your help.

        Awesome! Thanks for sharing that update. Cheers!
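
The thread ended with the ACME-related settings being put back to their defaults. As an added example (not part of the thread or of mailcow itself), this script lists the settings in a `mailcow.conf` that deviate from stock values. Apart from `SKIP_HTTP_VERIFICATION`, the key names and the default values are assumptions about a stock `mailcow.conf`, and the sample file is constructed.

```shell
#!/bin/sh
# Assumed stock values for the mailcow.conf keys that affect ACME HTTP validation.
ACME_DEFAULTS='HTTP_PORT=80
HTTPS_PORT=443
SKIP_LETS_ENCRYPT=n
SKIP_IP_CHECK=n
SKIP_HTTP_VERIFICATION=n'

# Print one line for every listed key whose value in the given file differs
# from the assumed default. Keys that are absent or commented out are skipped.
audit_mailcow_conf() {
  conf=$1
  printf '%s\n' "$ACME_DEFAULTS" | while IFS='=' read -r key default; do
    grep -q "^${key}=" "$conf" || continue
    # Last assignment wins; strip whitespace and carriage returns.
    value=$(sed -n "s/^${key}=//p" "$conf" | tail -n 1 | tr -d ' \t\r')
    [ "$value" = "$default" ] || echo "${key}=${value} (default ${default})"
  done
}

# Inbound check from the thread; run it from a host outside the server's network.
check_port80() {
  nc -zv -w 5 "$1" 80
}

# Constructed sample mailcow.conf, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MAILCOW_HOSTNAME=mail.example.org
HTTP_PORT=8080
HTTPS_PORT=443
SKIP_LETS_ENCRYPT=n
#SKIP_IP_CHECK=y
SKIP_HTTP_VERIFICATION=y
EOF
audit_mailcow_conf "$sample"
rm -f "$sample"
```

A non-default `HTTP_PORT` or `SKIP_HTTP_VERIFICATION=y` in the output points at the settings to review before forcing another renewal.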
