Mailcow ignores additional SAN in config

simonc

Hello!

We need to add two new domains into our mailcow installation (as a email domain, but also to acess the webadmin under the domain).

I did it several times on an older servr without any issues, I just added the domain into mailcow.conf and it would regen the cert with the new domain in some time. Today I know the version is much newer, so I found a tutorial in your documentation and I followed it: https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#additional-domain-names

Then I also followed the next part to force mailcow into the cert regen. The cert regen went without any issues, only that it completely ignored the newly added domain.

The domain is ldp.help (yes, we want to use https://ldp.help for mailcow UI and @ldp.help as an alias for our another domain already hosted at mailcow).

Here is my additional SAN in config:

# You can also just add static names...
ADDITIONAL_SAN=ldp.help, mail.ldp.help

(yes, subdomain mail.ldp.help is also pointed to the mailcow IP).

And here is the log from acme when I tried to regen the cert according to the tutorial:
https://hastebin.com/oxequcejob.sql

As you can see, I already hit the ratelimit as I tried to re-run it for this post, but it was not the issue before. It just said “all certs that needed were renewed” and done. I need one more domain that ldp.help in the near future, so I would really appriciate your help!

EDIT: I replaced the directly pasted log with a hastebin link to keep the post clear.

diekuh

ADDITIONAL_SAN=asd,dsa,bla

Without a space. 🙂

simonc

Hi!

Thank you for your answer. I found the issue late in night and I went to bed instead of answering this post, so I am sorry. Yes, the space was one issue, but then I spotted a “hidden” another “ADDITIONAL_SAN=” in my config, so logically that replace the data in variable with an empty string.

Yes, my mistake. But thank you for the help anyway!

diekuh

You are welcome! 🙂