Hi – moving over from Mail In A Box and loving everything about Mailcow so far.
My issue: I’ve set up about 15 domains, adding mail.{domain.tld} as an A record that also becomes the MX and is CNAME’d to autoconfig and autodiscover. Everything works in terms of sending and receiving email, but:

  • Outlook and other clients complain about a bad certificate when using mail.{domain.tld} for the SMTP and POP servers; and
  • Web traffic to mail.{domain.tld} does not have an SSL certificate.

I’ve modified ADDITIONAL_SAN=mail.*, restarted acme-mailcow and even brought the whole server down and back up, to no avail. Pretty sure I’m missing something basic, but can’t quite figure it out from the docs and would appreciate any help. Thanks!

  • esackbauer replied to this.
  • And did you do:

    docker compose down
    docker compose up -d

    after changing the mailcow.conf? Because normal rebooting/restarting won't apply the changes.

    Hi, to force the ACME container to renew your certificate you need to create a file. This is what I do (of course depending on the directory where you installed mailcow):

    cd /opt/mailcow-dockerized
    touch data/assets/ssl/force_renew
    docker compose restart acme-mailcow

    To watch the log:
    docker compose logs --tail=200 -f acme-mailcow


    AFAIK you can do Wildcards for mail.*. That would mean he ssl’d my own domain as well 🙂
    You should rather do *.{domain.tld} and add all 15 domains to the ADDITIONAL_SAN=

      piperino I don’t get it, why would you do that instead of using mail.*?

        DocFraggle
        mail.* would be sufficient to SSL every TLD starting with “mail.”, but I can be wrong of course.

        At least I’ve never seen such a Wildcard. 🙂

          gregwbrooks restarted acme-mailcow and even brought the whole server down and back up

          did you do docker compose up -d?

          piperino it works as intended 🙂
          That’s my setting:
          ADDITIONAL_SAN=mail.*,sogo.*
          So all my configured domains in mailcow get two additional SANs (mail.example.com and sogo.example.com) in the main certificate

          Ah, I think now I understand what you meant 😃 no, it’s not the mail* wildcard ACME uses, the asterisk is just a placeholder for all domains you configured in the mailcow UI. So the final SAN will be mail.domain1.tld, mail.domain2.tld and so on

            DocFraggle
            okay.
            But your certs are looking like *.example.com, right? In this case mailcow/ACME is doing something.

            Sorry for my ignorance and for starting to confuse you guys here 🙂 Sorry, OP
            I’m also fairly new to mailcow, coming from a standalone postfix/cyrus/amavis…. system.
            Mailcow is doing so many things for you out of the box where on my other system it’s some sort of “hard” work and you some sort of knowledge🙂

            It looks like this:

            plus the default SANs like autodiscover.* and autoconfig.*

            5 months later

            I have the same requirement and problem. Any solution on this?

            Let me guess, you haven’t had a look at the lets encrypt/ACME logs?
            Have you done the force renewal as mentioned in the second posting?

              esackbauer I have looked. There isn’t anything regarding mail.domainB.com

              Also I have tried with

              cd /opt/mailcow-dockerized
              touch data/assets/ssl/force_renew
              docker compose restart acme-mailcow
              docker compose logs --tail=200 -f acme-mailcow

              And did you do:

              docker compose down
              docker compose up -d

              after changing the mailcow.conf? Because normal rebooting/restarting won't apply the changes.

              It seems I haven’t. I just did, and it’s great now! Thanks!
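
Added example, not part of any post in this thread: a shell check that expands an ADDITIONAL_SAN value over the mail domains, as described above (the asterisk stands for each domain configured in mailcow), and lists the expected names that are absent from a certificate's SAN list. The function names, the domain list and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: SAN text in the format printed by
#   openssl x509 -noout -ext subjectAltName
# (to read the live certificate, pipe `openssl s_client -connect HOST:443
#  -servername HOST </dev/null` into that command; HOST is a placeholder)
SAMPLE_SAN_TEXT='X509v3 Subject Alternative Name: 
    DNS:mail.domain1.tld, DNS:autodiscover.domain1.tld, DNS:autoconfig.domain1.tld'

# expand_additional_san VALUE "DOMAINS"
# VALUE is the ADDITIONAL_SAN string, DOMAINS the space-separated mail domains.
# Prints one expected hostname per line.
expand_additional_san() {
    printf '%s\n' "$1" | tr -d ' ' | tr ',' '\n' | while IFS= read -r entry; do
        case "$entry" in
            '') ;;                       # skip empty entries
            *.\*)                        # placeholder form such as mail.*
                prefix=${entry%.\*}
                for d in $2; do printf '%s.%s\n' "$prefix" "$d"; done ;;
            *) printf '%s\n' "$entry" ;; # literal hostname, kept as is
        esac
    done
}

# cert_sans: reads the openssl SAN text on stdin, prints DNS names one per line.
cert_sans() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# missing_sans VALUE "DOMAINS" "SAN_TEXT"
# Prints every expected name that the certificate does not carry.
missing_sans() {
    have=$(printf '%s\n' "$3" | cert_sans)
    expand_additional_san "$1" "$2" | while IFS= read -r name; do
        printf '%s\n' "$have" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Demo on the constructed sample: only mail.domain1.tld is covered.
missing_sans 'mail.*,sogo.*' 'domain1.tld domain2.tld' "$SAMPLE_SAN_TEXT"
```

Any name this prints after a `docker compose down` / `docker compose up -d` and a forced renewal is one to look for in the acme-mailcow log.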
