I guess you didn’t get a real Let’s Encrypt certificate yet, so Nextcloud is complaining about the default self-signed SSL certificate. Check the logs of your ACME container.

    DocFraggle

    How do I get such a certificate?

    Here are the logs.
    root@ubuntu:/opt/mailcow-dockerized# docker compose logs --tail=200 -f acme-mailcow
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for Docker API...
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Docker API OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for Postfix...
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Postfix OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for Dovecot...
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Dovecot OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for database...
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Database OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for Nginx...
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Nginx OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for resolver...
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Resolver OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Waiting for domain table...
    acme-mailcow-1 | OK
    acme-mailcow-1 | Thu Dec 26 18:36:10 UTC 2024 - Initializing, please wait...
    acme-mailcow-1 | Thu Dec 26 18:36:11 UTC 2024 - Generating missing domain private rsa key...
    acme-mailcow-1 | Thu Dec 26 18:36:11 UTC 2024 - Generating missing Lets Encrypt account key...
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Detecting IP addresses...
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - OK: 194.164.59.157, 2a01:239:276:c300::1
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Validated CAA for parent domain avocloud.net
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - No A or AAAA record found for hostname smtp.avocloud.net
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Validated CAA for parent domain avocloud.net
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Found AAAA record for autodiscover.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Validated CAA for parent domain avocloud.net
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Found AAAA record for autoconfig.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Validated CAA for parent domain avocloud.net
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Found AAAA record for mail.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Cannot validate any hostnames, skipping Let's Encrypt for 1 hour.
    acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently.
    acme-mailcow-1 | OK

      red_wolf2467
      I have added the DNS entry (CNAME to the mail. ???).
      I have replaced the certificates and restarted. Unfortunately I still have the same error.

      red_wolf2467 Cannot validate any hostnames, skipping Let’s Encrypt for 1 hour.

      Let’s Encrypt can’t connect to port 80 on your host via IPv6

      red_wolf2467 Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed

      You have to fix that, otherwise you won’t get the certificate

        DocFraggle
        Can you please tell me how to fix this, because unfortunately I don’t know how to do it.

        Sorry, you’re using Cloudflare, no idea… if you don’t know how to configure Cloudflare, why do you use it? mailcow is built to run without Cloudflare.

          DocFraggle Ahh. Do you mean that Cloudflare automatically redirects to https? I can have a quick look there…

          I have an nginx config that forwards everything with mail to https. Could this be the error?

          ```
          server {
              listen 80;
              server_name mail.avocloud.net;

              return 301 https://$server_name$request_uri;
          }

          server {
              listen 443 ssl;
              server_name mail.avocloud.net;

              ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

              location / {
                  proxy_pass https://MY_IP:9092;
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection 'upgrade';
                  proxy_set_header Host $host;
                  proxy_cache_bypass $http_upgrade;
              }
          }
          ```

          DocFraggle

          I have an nginx config that forwards everything with mail to https. Could this be the error?

          ```
          server {
              listen 80;
              server_name mail.avocloud.net;

              return 301 https://$server_name$request_uri;
          }

          server {
              listen 443 ssl;
              server_name mail.avocloud.net;

              ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

              location / {
                  proxy_pass https://194.xxx.xx.xxx:9092;
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection 'upgrade';
                  proxy_set_header Host $host;
                  proxy_cache_bypass $http_upgrade;
              }
          }
          ```

            esackbauer

            THANK YOU!
            Now the SMTP works, … .

            Unfortunately, I can no longer access the webUI…

            This is still due to the Let’s Encrypt certificate not being issued.

              DocFraggle

              But it says “Certificates successfully” or did I miss something?

              acme-mailcow-1  | OK
              acme-mailcow-1  | Fri Dec 27 18:32:22 UTC 2024 - Initializing, please wait...
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Detecting IP addresses...
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - OK: 194.164.59.157, 2a01:239:276:c300::1
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for smtp.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autodiscover.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autoconfig.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for mail.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Certificate /var/lib/acme/mail.avocloud.net/cert.pem missing or changed domains 'mail.avocloud.net autoconfig.avocloud.net autodiscover.avocloud.net' - start obtaining
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Copying shared private key for this certificate...
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Checking resolver...
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Resolver OK
              acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.avocloud.net/acme.csr --acme-dir /var/www/acme/
              acme-mailcow-1  | Parsing account key...
              acme-mailcow-1  | Parsing CSR...
              acme-mailcow-1  | Found domains: autodiscover.avocloud.net, mail.avocloud.net, autoconfig.avocloud.net
              acme-mailcow-1  | Getting directory...
              acme-mailcow-1  | Directory found!
              acme-mailcow-1  | Registering account...
              acme-mailcow-1  | Registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/2137240605
              acme-mailcow-1  | Creating new order...
              acme-mailcow-1  | Order created!
              acme-mailcow-1  | Verifying autoconfig.avocloud.net...
              acme-mailcow-1  | autoconfig.avocloud.net verified!
              acme-mailcow-1  | Verifying autodiscover.avocloud.net...
              acme-mailcow-1  | autodiscover.avocloud.net verified!
              acme-mailcow-1  | Verifying mail.avocloud.net...
              acme-mailcow-1  | mail.avocloud.net verified!
              acme-mailcow-1  | Signing certificate...
              acme-mailcow-1  | Certificate signed!
              acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Deploying certificate /var/lib/acme/mail.avocloud.net/cert.pem...
              acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Verified hashes.
              acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Certificate successfully obtained
              acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Reloading or restarting services... (1)
              acme-mailcow-1  | Restarting 41dac52de915b167ff31e58254615b7c28787758a3449628ec911b83192d0405...
              acme-mailcow-1  | command completed successfully
              acme-mailcow-1  | Restarting d0ae2b34bf14fcffec7adee85fa7b442e26a7a3cc5a53e2175c783bc53ec278b...
              acme-mailcow-1  | command completed successfully
              acme-mailcow-1  | Restarting ef183c70122feb5b572e42ca91e3d00e00ed7b6b9f1f4bafb3b07409f9767056...
              acme-mailcow-1  | command completed successfully
              acme-mailcow-1  | Fri Dec 27 18:32:56 UTC 2024 - Waiting for containers to settle...
              acme-mailcow-1  | Fri Dec 27 18:33:08 UTC 2024 - Certificates successfully requested and renewed where required, sleeping one day

              DocFraggle
              Yes, I know. The screenshot doesn’t help me much.
              How should I solve this?
              I have replaced the certificates, renewed them, changed the Nginx config. What else should I do?

              Well, according to the logs the certificate was deployed successfully. Did you copy it from your mailcow to Cloudflare?
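
As an added example (not part of the thread and not mailcow's own code): a small parser that summarizes the acme-mailcow pre-check lines shown in the logs above per hostname, so names that failed HTTP validation or have no DNS record stand out from those that passed. The sample hostnames and addresses are constructed placeholders, and the A-record line shape is assumed to match the AAAA one seen in the thread.

```python
import re

# Constructed sample in the format of the acme-mailcow lines in this thread
# (hostnames and addresses are placeholders from the documentation ranges).
SAMPLE_LOG = """\
acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - No A or AAAA record found for hostname smtp.example.net
acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Found AAAA record for mail.example.net: 2001:db8::1 - skipping A record check
acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Confirmed AAAA record with IP 2001:0db8:0000:0000:0000:0000:0000:0001, but HTTP validation failed
acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Found AAAA record for autoconfig.example.net: 2001:db8::1 - skipping A record check
acme-mailcow-1 | Thu Dec 26 18:36:12 UTC 2024 - Confirmed AAAA record with IP 2001:0db8:0000:0000:0000:0000:0000:0001
"""

NO_DNS = re.compile(r"No A or AAAA record found for hostname (\S+)")
# Assumption: an A-record line has the same shape as the AAAA lines in the thread.
FOUND = re.compile(r"Found (A|AAAA) record for (\S+):")
CONFIRMED = re.compile(
    r"Confirmed (A|AAAA) record with IP [0-9A-Fa-f:.]+(, but HTTP validation failed)?"
)


def summarize(log_text):
    """Map each hostname to (record_type, status) from the pre-check lines."""
    results, current = {}, None
    for line in log_text.splitlines():
        if m := NO_DNS.search(line):
            results[m.group(1)] = (None, "no-dns-record")
            current = None
        elif m := FOUND.search(line):
            current = m.group(2)
            results[current] = (m.group(1), "pending")
        elif (m := CONFIRMED.search(line)) and current:
            # The "Confirmed" line carries no hostname; it belongs to the
            # hostname named in the preceding "Found ... record for" line.
            status = "http-validation-failed" if m.group(2) else "ok"
            results[current] = (m.group(1), status)
            current = None
    return results


def hosts_to_fix(results):
    """Hostnames whose pre-check did not pass."""
    return sorted(h for h, (_, status) in results.items() if status != "ok")


if __name__ == "__main__":
    for host, (rtype, status) in summarize(SAMPLE_LOG).items():
        print(f"{host:28} {rtype or '-':5} {status}")
```

A hostname reported as `AAAA` with `http-validation-failed` was checked over IPv6 only, since the log states the A record check is skipped when an AAAA record exists.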