There is 2 ways we can do that: 1. Make sure nginx container running on ipv6 interface. Unlike below which is binding with ipv4 [upl-image-preview url=https://community.mailcow.email/assets/files/2023-12-02/1701517015-326947-image.png] To bind with ipv6 in `mailcow.conf` at /opt/mailcow-dockerized. Leave as it is binding address empty [upl-image-preview url=https://community.mailcow.email/assets/files/2023-12-02/1701518489-546492-image.png] 2. Make sure validation on acme happen on the basis of A record. To do: Go to mailcow dockerized acme container bash with docker exec. ``` docker exec -it mailcowdockerized-acme-mailcow-1 bash ``` Then comment line ` # AAAA_DOMAIN=$(dig AAAA ${DOMAIN} +short | tail -n 1) # actual code` in file `/srv/functions.sh` . Then I restart the container ``` docker restart mailcowdockerized-acme-mailcow-1 ``` Either way, you will have certification generated for `autodiscover` or `autoconfig`. Eager to hear others way and opinion.

Problem with IPv6 or AAAA record based HTTP validation of acme certification

baksh

There is 2 ways we can do that:

Make sure nginx container running on ipv6 interface. Unlike below which is binding with ipv4

To bind with ipv6 in mailcow.conf at /opt/mailcow-dockerized. Leave as it is binding address empty

Make sure validation on acme happen on the basis of A record. To do:
Go to mailcow dockerized acme container bash with docker exec.

docker exec -it mailcowdockerized-acme-mailcow-1 bash

Then comment line # AAAA_DOMAIN=$(dig AAAA ${DOMAIN} +short | tail -n 1) # actual code in file /srv/functions.sh .
Then I restart the container

docker restart  mailcowdockerized-acme-mailcow-1

Either way, you will have certification generated for autodiscover or autoconfig.

Eager to hear others way and opinion.

codec

You saved my live today. My certificate ran out tonight. Because of HSTS I couldn’t even access the webfrontend.
I was about to disable IPv6 to force the ACME container to verify using IPv4. Then I found your post here and solved the problem.
Thank you