red_wolf2467
I have added the DNS entry (CNAME to the mail. ???).
I have replaced the certificates and restarted. Unfortunately, I still have the same error.

red_wolf2467 Cannot validate any hostnames, skipping Let’s Encrypt for 1 hour.

Let’s Encrypt can’t connect to port 80 on your host via IPv6.

red_wolf2467 Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed

You have to fix that, otherwise you won’t get the certificate.

    DocFraggle
    Can you please tell me how to fix this, because unfortunately I don’t know how to do it.

    Sorry, you’re using Cloudflare, no idea… if you don’t know how to configure Cloudflare, why do you use it? mailcow is built to run without Cloudflare.

      DocFraggle Ahh. Do you mean that Cloudflare automatically redirects to HTTPS? I can have a quick look there…

      [unknown]

      I have a nginx config that forwards everything with mail to https. Could this be the error?

      ```
      server {
          listen 80;
          server_name mail.avocloud.net;

          return 301 https://$server_name$request_uri;
      }

      server {
          listen 443 ssl;
          server_name mail.avocloud.net;

          ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

          location / {
              proxy_pass https://MY_IP:9092;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
          }
      }
      ```

      DocFraggle

      I have a nginx config that forwards everything with mail to https. Could this be the error?

      ```
      server {
          listen 80;
          server_name mail.avocloud.net;

          return 301 https://$server_name$request_uri;
      }

      server {
          listen 443 ssl;
          server_name mail.avocloud.net;

          ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

          location / {
              proxy_pass https://194.xxx.xx.xxx:9092;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
          }
      }
      ```

        esackbauer

        THANK YOU!
        Now the SMTP works, … .

        Unfortunately, I can no longer access the webUI…

        This is still due to the letsencrypt certificate not being issued

          DocFraggle

          But it says “Certificates successfully” or did I miss something?

          acme-mailcow-1  | OK
          acme-mailcow-1  | Fri Dec 27 18:32:22 UTC 2024 - Initializing, please wait...
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Detecting IP addresses...
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - OK: 194.164.59.157, 2a01:239:276:c300::1
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for smtp.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autodiscover.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autoconfig.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for mail.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Certificate /var/lib/acme/mail.avocloud.net/cert.pem missing or changed domains 'mail.avocloud.net autoconfig.avocloud.net autodiscover.avocloud.net' - start obtaining
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Copying shared private key for this certificate...
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Checking resolver...
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Resolver OK
          acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.avocloud.net/acme.csr --acme-dir /var/www/acme/
          acme-mailcow-1  | Parsing account key...
          acme-mailcow-1  | Parsing CSR...
          acme-mailcow-1  | Found domains: autodiscover.avocloud.net, mail.avocloud.net, autoconfig.avocloud.net
          acme-mailcow-1  | Getting directory...
          acme-mailcow-1  | Directory found!
          acme-mailcow-1  | Registering account...
          acme-mailcow-1  | Registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/2137240605
          acme-mailcow-1  | Creating new order...
          acme-mailcow-1  | Order created!
          acme-mailcow-1  | Verifying autoconfig.avocloud.net...
          acme-mailcow-1  | autoconfig.avocloud.net verified!
          acme-mailcow-1  | Verifying autodiscover.avocloud.net...
          acme-mailcow-1  | autodiscover.avocloud.net verified!
          acme-mailcow-1  | Verifying mail.avocloud.net...
          acme-mailcow-1  | mail.avocloud.net verified!
          acme-mailcow-1  | Signing certificate...
          acme-mailcow-1  | Certificate signed!
          acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Deploying certificate /var/lib/acme/mail.avocloud.net/cert.pem...
          acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Verified hashes.
          acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Certificate successfully obtained
          acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Reloading or restarting services... (1)
          acme-mailcow-1  | Restarting 41dac52de915b167ff31e58254615b7c28787758a3449628ec911b83192d0405...
          acme-mailcow-1  | command completed successfully
          acme-mailcow-1  | Restarting d0ae2b34bf14fcffec7adee85fa7b442e26a7a3cc5a53e2175c783bc53ec278b...
          acme-mailcow-1  | command completed successfully
          acme-mailcow-1  | Restarting ef183c70122feb5b572e42ca91e3d00e00ed7b6b9f1f4bafb3b07409f9767056...
          acme-mailcow-1  | command completed successfully
          acme-mailcow-1  | Fri Dec 27 18:32:56 UTC 2024 - Waiting for containers to settle...
          acme-mailcow-1  | Fri Dec 27 18:33:08 UTC 2024 - Certificates successfully requested and renewed where required, sleeping one day
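
Added example (not part of the original thread and not mailcow's own code): a small parser over lines copied from the acme-mailcow log above that reports, per hostname, whether the HTTP pre-check passed and whether the name ended up in the CSR. The function name `summarize` and the matching of an "A record" wording are assumptions.

```python
import re

# Lines copied from the acme-mailcow log quoted in the thread above.
SAMPLE_LOG = """\
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for smtp.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autodiscover.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autoconfig.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for mail.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
acme-mailcow-1  | Found domains: autodiscover.avocloud.net, mail.avocloud.net, autoconfig.avocloud.net
"""

# Only the AAAA wording appears on the page; matching "A record" too is an assumption.
FOUND = re.compile(r"Found (?:AAAA|A) record for (\S+):")
CONFIRMED = re.compile(
    r"Confirmed (?:AAAA|A) record with IP ([0-9a-fA-F:.]+)(, but HTTP validation failed)?"
)
CSR = re.compile(r"Found domains: (.+)$")


def summarize(log_text):
    """Return per-host pre-check status, the CSR names, and hosts whose check failed."""
    checks, csr_names, current = {}, [], None
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            current = m.group(1)          # host the next "Confirmed" line refers to
        elif (m := CONFIRMED.search(line)) and current:
            checks[current] = "http-failed" if m.group(2) else "ok"
            current = None
        elif m := CSR.search(line):
            csr_names = sorted(n.strip() for n in m.group(1).split(","))
    skipped = sorted(h for h, s in checks.items() if s == "http-failed")
    return {"checks": checks, "csr": csr_names, "skipped": skipped}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for host, status in result["checks"].items():
        on_cert = "in CSR" if host in result["csr"] else "NOT in CSR"
        print(f"{host:28} {status:12} {on_cert}")
```

On these lines the only host with a failed check is smtp.avocloud.net, and it is also the only checked name missing from the "Found domains" list.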

          DocFraggle
          Yes, I know. The screenshot doesn’t help me much.
          How should I solve this?
          I have replaced the certificates, renewed them, changed the Nginx config. What else should I do?

          Well, according to the logs the certificate was deployed successfully. Did you copy it from your mailcow to Cloudflare?

            As I wrote before, I don’t have the slightest idea of Cloudflare. Maybe just point your DNS records directly to your mailcow and everything will work as intended