EnglishHi all,
i get warnings in mail client and browser due to missing MAILCOW_HOSTNAME in SSL certificate from Lets Encrypt.
It seems it has been renewed yesterday, at least it says: Validity=>Not Before: Sep 24 07:59:03 2024 GMT
Subject is CN = autoconfig.denominazione.de which is NOT the MAILCOW_HOSTNAME.
I found no error or something related to this in the logs.
Any hint highly appreciated!
Thanks,
Christian
Yes, your certificate includes only autoconfig.* and autodiscover.* SANs
SSL Certificate Checker
ssl.org
Did you accidentally delete your primary DNS entry?
Have something to say?
Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!
Thanks for your reply.
But, no, DNS Entries are there: A as well as AAAA entry.
;; ANSWER SECTION:
mail.fabbrica.one. 3600 IN A 168.119.183.13
mail.fabbrica.one. 3600 IN AAAA 2a01:4f8:c013:1a10::1
make sure that the MAILCOW_HOSTNAME is correctly configured in mailcow.conf.
Then run update.sh
If its still not working, try 
force renewal. docs.mailcow.email
If you browse to http://mail.fabbrica.one you reach an Apache server. Did you accidentally install Apache on your mailcow host?
Due to this Apache instance the Letsencrypt http verification for mail.fabbrica.one isn’t working
Seems like he uses a not properly configured reverse proxy.
Yes, @DocFraggle and @esackbauer
Mailcow is behind Apache proxy.
I am quite certain we followed the docs ( Apache 2.4 - mailcow: dockerized documentation) by the word, but will double check again. docs.mailcow.email
Is it possible that you actually forgot to change CHANGE_TO_MAILCOW_HOSTNAME to your mailcow hostname?
No, MAILCOW_HOSTNAME is correctly set in mailcow.conf and also with same value in apaches ServerName directive.
You added an AAAA record as well for mail.fabbrica.one and I think we had another thread in this forum where we discovered that if an AAAA record exists this will be used to verify the certificate request (this may have been implemented just recently). Did you check your ACME container’s log to check if it’s trying to do that? I guess you didn’t include IPv6 in your reverse proxy config? Because in your linked example it isn’t configured.
EDIT: here’s the thread: 
ACME HTTP validation failed mailcow community
@DocFraggle OUCH. This indeed may be part of or all of the problem.
Will check and come back.
