So, my SSL certificate expired and unfortunately it is not updated automatically. What I did:
- ssh to my server
sudo su
cd /opt/mailcow-dockerized
docker-compose restart acme-mailcow
docker-compose logs --tail=200 -f acme-mailcow
And I see this:
mailcowdockerized-acme-mailcow-1 | Found domains: mail.my-main-domain.mk, autodiscover.my-main-domain.mk, autoconfig.my-main-domain.mk, autodiscover.my-second-domain.si, autoconfig.my-second-domain.si
mailcowdockerized-acme-mailcow-1 | Getting directory...
mailcowdockerized-acme-mailcow-1 | Directory found!
mailcowdockerized-acme-mailcow-1 | Registering account...
mailcowdockerized-acme-mailcow-1 | Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/xxx
mailcowdockerized-acme-mailcow-1 | Creating new order...
mailcowdockerized-acme-mailcow-1 | Order created!
mailcowdockerized-acme-mailcow-1 | Already verified: autoconfig.my-main-domain.mk, skipping...
mailcowdockerized-acme-mailcow-1 | Already verified: autodiscover.my-main-domain.mk, skipping...
mailcowdockerized-acme-mailcow-1 | Verifying autodiscover.my-second-domain.si...
mailcowdockerized-acme-mailcow-1 | Traceback (most recent call last):
mailcowdockerized-acme-mailcow-1 | File "/usr/bin/acme-tiny", line 8, in <module>
mailcowdockerized-acme-mailcow-1 | sys.exit(main())
mailcowdockerized-acme-mailcow-1 | File "/usr/lib/python3.10/site-packages/acme_tiny.py", line 195, in main
mailcowdockerized-acme-mailcow-1 | signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
mailcowdockerized-acme-mailcow-1 | File "/usr/lib/python3.10/site-packages/acme_tiny.py", line 153, in get_crt
mailcowdockerized-acme-mailcow-1 | raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
mailcowdockerized-acme-mailcow-1 | ValueError: Challenge did not pass for autodiscover.my-second-domain.si: {'identifier': {'type': 'dns', 'value': 'autodiscover.my-second-domain.si'}, 'status': 'invalid', 'expires': '2022-10-30T14:14:11Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': '91.xxx.xxx.xxx: Invalid response from https://my-second-domain.si/.well-known/acme-challenge/uCxxxxIY: "<!DOCTYPE html>\\n<html>\\n\\n<head>\\n\\t<meta charset=\\"utf-8\\">\\n\\t<meta http-equiv=\\"X-UA-Compatible\\" content=\\"IE=edge\\">\\n\\t<meta name=\\"viewp"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx', 'token': 'uCxxxxIY', 'validationRecord': [{'url': 'http://autodiscover.my-second-domain.si/.well-known/acme-challenge/uCxxxxIY', 'hostname': 'autodiscover.my-second-domain.si', 'port': '80', 'addressesResolved': ['91.xxx.xxx.xxx'], 'addressUsed': '91.xxx.xxx.xxx'}, {'url': 'https://my-second-domain.si/.well-known/acme-challenge/uCxxxxIY', 'hostname': 'my-second-domain.si', 'port': '443', 'addressesResolved': ['91.xxx.xxx.xxx'], 'addressUsed': '91.xxx.xxx.xxx'}], 'validated': '2022-10-23T14:42:15Z'}]}
mailcowdockerized-acme-mailcow-1 | Sun Oct 23 16:42:25 CEST 2022 - Failed to obtain certificate /var/lib/acme/mail.my-main-domain.mk/cert.pem for domains 'mail.my-main-domain.mk autoconfig.my-main-domain.mk autoconfig.my-second-domain.si autodiscover.my-main-domain.mk autodiscover.my-second-domain.si'
mailcowdockerized-acme-mailcow-1 | OK
mailcowdockerized-acme-mailcow-1 | Sun Oct 23 16:42:25 CEST 2022 - Some errors occurred, retrying in 30 minutes...
mailcowdockerized-acme-mailcow-1 | OK
One of the problems is that I have entered (via the web GUI) my-second-domain.si; however, this domain is not entered into DNS (actually, DNS for this domain points to another server). Unfortunately, I cannot log in to the web GUI, because the SSL cert is not valid and HSTS is enabled…
But I think the main problem is: why does mail.my-main-domain.mk not get validated? In data/assets/ssl/mail.my-main-domain.mk I have cert.pem and key.pem, which are valid through 2023. But it seems these files do not get copied to the correct place for acme-mailcow??
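
An added example, not part of the original post: the `validationRecord` in the log above lists every URL the validator fetched for the http-01 challenge, which here ends at `my-second-domain.si` on port 443 with a 403. The Python helper below parses the authorization object that acme-tiny formats into its `ValueError` and reports that redirect chain; the sample line is constructed (placeholder hostnames, documentation IP address) and the function names are hypothetical.

```python
import ast
import re

# Constructed sample in the shape of the acme-tiny error line shown in the log,
# trimmed, with placeholder hostnames and a documentation IP address.
SAMPLE_LINE = (
    "acme-1 | ValueError: Challenge did not pass for autodiscover.example.org: "
    "{'identifier': {'type': 'dns', 'value': 'autodiscover.example.org'}, "
    "'status': 'invalid', 'challenges': [{'type': 'http-01', 'status': 'invalid', "
    "'error': {'type': 'urn:ietf:params:acme:error:unauthorized', "
    "'detail': 'Invalid response', 'status': 403}, "
    "'validationRecord': ["
    "{'url': 'http://autodiscover.example.org/.well-known/acme-challenge/TOKEN', "
    "'hostname': 'autodiscover.example.org', 'port': '80', 'addressUsed': '192.0.2.10'}, "
    "{'url': 'https://example.org/.well-known/acme-challenge/TOKEN', "
    "'hostname': 'example.org', 'port': '443', 'addressUsed': '192.0.2.10'}]}]}"
)

def parse_failure(line):
    """Return (domain, authorization dict) from the ValueError line, or None."""
    m = re.search(r"Challenge did not pass for (\S+): (\{.*\})\s*$", line)
    # The authorization is printed as a Python dict repr, so literal_eval reads it safely.
    return (m.group(1), ast.literal_eval(m.group(2))) if m else None

def diagnose(line):
    """Summarise each failed challenge: error, HTTP status, and the hops fetched."""
    parsed = parse_failure(line)
    if parsed is None:
        return None
    domain, authz = parsed
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        hops = ch.get("validationRecord", [])
        err = ch.get("error", {})
        findings.append({
            "domain": domain,
            "error_type": err.get("type", "").rsplit(":", 1)[-1],
            "http_status": err.get("status"),
            "hops": [(h.get("hostname"), h.get("port"), h.get("addressUsed")) for h in hops],
            # True when the last fetch went to a different hostname (a redirect).
            "redirected_off_host": bool(hops) and hops[-1].get("hostname") != domain,
        })
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LINE):
        print(finding)
```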