Problem with ACME "Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000"

MMailcow_starter · Feb 19, 2024

Hi all, I have just installed Mailcow on a new Server. After start up lets encrypt does not create Certificates. In the logs of the ACME-Mailcow I get the following log messages:

acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Waiting for Docker API... acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Docker API OK acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Waiting for Postfix... acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Postfix OK acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Waiting for Dovecot... acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Dovecot OK acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Waiting for database... acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Database OK acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Waiting for Nginx... acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Nginx OK acme-mailcow-1 | Mon Feb 19 14:20:51 CET 2024 - Waiting for resolver... acme-mailcow-1 | Mon Feb 19 14:20:52 CET 2024 - Resolver OK acme-mailcow-1 | Mon Feb 19 14:20:52 CET 2024 - Waiting for domain table... acme-mailcow-1 | OK acme-mailcow-1 | Mon Feb 19 14:20:52 CET 2024 - Initializing, please wait... acme-mailcow-1 | Mon Feb 19 14:20:52 CET 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem acme-mailcow-1 | Mon Feb 19 14:20:52 CET 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem acme-mailcow-1 | Mon Feb 19 14:20:52 CET 2024 - Detecting IP addresses... acme-mailcow-1 | Mon Feb 19 14:21:13 CET 2024 - OK: <my_correct_ipv4>, 0000:0000:0000:0000:0000:0000:0000:0000 acme-mailcow-1 | Mon Feb 19 14:21:13 CET 2024 - Found AAAA record for autodiscover.<domain>.com: <my_correct_ipv6> - skipping A record check acme-mailcow-1 | Mon Feb 19 14:21:13 CET 2024 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname autodiscover.<domain>.com (DNS returned <my_correct_ipv6>) acme-mailcow-1 | Mon Feb 19 14:21:13 CET 2024 - Found AAAA record for autoconfig.<domain>.com: <my_correct_ipv6> - skipping A record check acme-mailcow-1 | Mon Feb 19 14:21:13 CET 2024 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname autoconfig.<domain>.com (DNS returned <my_correct_ipv6>) acme-mailcow-1 | Mon Feb 19 14:21:14 CET 2024 - Found AAAA record for mail.<domain>.com: <my_correct_ipv6> - skipping A record check acme-mailcow-1 | Mon Feb 19 14:21:14 CET 2024 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname mail.<domain>.com (DNS returned <my_correct_ipv6>) acme-mailcow-1 | Mon Feb 19 14:21:14 CET 2024 - Cannot validate any hostnames, skipping Let's Encrypt for 1 hour. acme-mailcow-1 | Mon Feb 19 14:21:14 CET 2024 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently. acme-mailcow-1 | OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for Docker API... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Docker API OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for Postfix... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Postfix OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for Dovecot... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Dovecot OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for database... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Database OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for Nginx... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Nginx OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for resolver... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Resolver OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Waiting for domain table... acme-mailcow-1 | OK acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Initializing, please wait... acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem acme-mailcow-1 | Mon Feb 19 14:26:20 CET 2024 - Detecting IP addresses... acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - OK: <my_correct_ipv4>, 0000:0000:0000:0000:0000:0000:0000:0000 acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Found AAAA record for autodiscover.<domain>.com: <my_correct_ipv6> - skipping A record check acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname autodiscover.<domain>.com (DNS returned <my_correct_ipv6>) acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Found AAAA record for autoconfig.<domain>.com: <my_correct_ipv6> - skipping A record check acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname autoconfig.<domain>.com (DNS returned <my_correct_ipv6>) acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Found AAAA record for mail.<domain>.com: <my_correct_ipv6> - skipping A record check acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Cannot match your IP 0000:0000:0000:0000:0000:0000:0000:0000 against hostname mail.<domain>.com (DNS returned <my_correct_ipv6>) acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Cannot validate any hostnames, skipping Let's Encrypt for 1 hour. acme-mailcow-1 | Mon Feb 19 14:26:40 CET 2024 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently. acme-mailcow-1 | OK
Also there is no folder /var/lib/acme/ on my server.
I have searched for quite some time now, but I have no idea what to do here.
I would say, that my DNS-Records are correctly set. The IPv6 can be found via the DNS, and it is the own IP address that seems to have problems.
Some ideas?
Thank you!

DocFraggle · Feb 19, 2024

The ACME container isn’t able to determine your host’s IPv6 address. It uses this curl command to do it:

curl –connect-timeout 3 -m 10 -L6s ip6.mailcow.email

You can try to run this command on your host and inside the ACME container, Have a look at the output. Both on my host and in my container my IPv6 address is returned.

If it doesn’t work in your case, check your IPv6 config

MMailcow_starter · Feb 20, 2024

Thank you for the fast reply.
I have tried it, and there is no output. I have checked, as good as i can, if the ip-config is wrong or anything. I don’t see the problem.
So reinstalled the server, and reinstalled mailcow again. But unfortunately I have the exact same behaviour.
Where do I need to look, to check my IPv6 configuration? It looks like that is the problem.

DocFraggle · Feb 20, 2024

You can check your local IPv6 with the ‘ip’ command. In my case my primary interface is eth0:

ip a s eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether AF:FE:E5:E1:1b:cc brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 49.123.123.123/32 scope global dynamic noprefixroute eth0
       valid_lft 70225sec preferred_lft 70225sec
    inet6 abcd:efa:c012:2c4f::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 abcd::efab:1ff:fe3c:1bcc/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Check for the ‘global’ scope inet6 address

Where are you hosting your mailcow?

MMailcow_starter · Feb 20, 2024

Ok, so there is no inet 6 address:
ip a s eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:50:56:4e:c8:d3 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 inet <my_ip4_address>.65/24 brd <my_ip4_address>.255 scope global eth0 valid_lft forever preferred_lft forever
I have a Server from Contabo with Debian 12.

In my etc/network/interfaces file, there is ipv6 configured.

DocFraggle · Feb 20, 2024

OK, so check the other interfaces on your server

ip a s

Check if you can see your IPv6 address on another interface

MMailcow_starter · Feb 20, 2024

I have a br-mailcow with an inet6 entry. But this is not my configured IPv6 in the DNS:
br-mailcow: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:94:93:f1:d9 brd ff:ff:ff:ff:ff:ff inet 172.22.1.1/24 brd 172.22.1.255 scope global br-mailcow valid_lft forever preferred_lft forever inet6 fd4d:6169:6c63:6f77::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::42:94ff:fe93:f1d9/64 scope link valid_lft forever preferred_lft forever inet6 fe80::1/64 scope link valid_lft forever preferred_lft forever

Other than that, I see no IPv6 addresses.

I also have the lo one. I don’t know if this helps:
lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever

DocFraggle · Feb 20, 2024

Mailcow_starter that’s the Docker bridge interface. So maybe check your interfaces file for syntax errors?

MMailcow_starter · Feb 20, 2024

`# The loopback network interface
auto lo
iface lo inet loopback

“Hashtag” The primary network interface
auto eth0
iface eth0 inet static
address <my_ip4>.65
netmask 255.255.255.0
gateway <my_ip4>.1
dns-search invalid
dns-nameservers 213.136.95.10 213.136.95.11
up ip route replace <my_ip4>.0/24 via <gateway> dev eth0

iface eth0 inet6 static
address <my_ip6>
netmask 64
gateway fe80::1
accept_ra 0
autoconf 0
privext 0
`

I didn’t change much here, after the clean system-install.

Thanks for staying with me here.