DocFraggle Ahh. do you mean that cloudflare automatically redirects to https? I can have a quick look there…

[unknown]

I have a nginx config that forwards everything with mail to https. Could this be the error?

`server {
listen 80;
server_name mail.avocloud.net;

return 301 https://$server_name$request_uri;

}

server {
listen 443 ssl;
server_name mail.avocloud.net;

ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

location / {
    proxy_pass https://MY_IP:9092; 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

}`

DocFraggle

I have a nginx config that forwards everything with mail to https. Could this be the error?

`server {
listen 80;
server_name mail.avocloud.net;

return 301 https://$server_name$request_uri;

}

server {
listen 443 ssl;
server_name mail.avocloud.net;

ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

location / {
    proxy_pass https://194.xxx.xx.xxx:9092; 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

}

`

DocFraggle

I have a nginx config that forwards everything with mail to https. Could this be the error?

`server {
listen 80;
server_name mail.avocloud.net;

return 301 https://$server_name$request_uri;

}

server {
listen 443 ssl;
server_name mail.avocloud.net;

ssl_certificate /etc/letsencrypt/live/mail.avocloud.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.avocloud.net/privkey.pem;

location / {
    proxy_pass https://194.xxx.xx.xxx:9092; 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

}

`

          esackbauer

          THANK YOU!
          Now the SMTP works, … .

          Unfortunately, I can no longer access the webUI…

            This is still due to the letsencrypt certificate not being issued

              DocFraggle

              But it says “Certificates successfully” or did I miss something?

              acme-mailcow-1  | OK
acme-mailcow-1  | Fri Dec 27 18:32:22 UTC 2024 - Initializing, please wait...
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Detecting IP addresses...
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - OK: 194.164.59.157, 2a01:239:276:c300::1
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for smtp.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001, but HTTP validation failed
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autodiscover.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for autoconfig.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Validated CAA for parent domain avocloud.net
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Found AAAA record for mail.avocloud.net: 2a01:239:276:c300::1 - skipping A record check
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Confirmed AAAA record with IP 2a01:0239:0276:c300:0000:0000:0000:0001
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Certificate /var/lib/acme/mail.avocloud.net/cert.pem missing or changed domains 'mail.avocloud.net autoconfig.avocloud.net autodiscover.avocloud.net' - start obtaining
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Copying shared private key for this certificate...
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Checking resolver...
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Resolver OK
acme-mailcow-1  | Fri Dec 27 18:32:23 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.avocloud.net/acme.csr --acme-dir /var/www/acme/
acme-mailcow-1  | Parsing account key...
acme-mailcow-1  | Parsing CSR...
acme-mailcow-1  | Found domains: autodiscover.avocloud.net, mail.avocloud.net, autoconfig.avocloud.net
acme-mailcow-1  | Getting directory...
acme-mailcow-1  | Directory found!
acme-mailcow-1  | Registering account...
acme-mailcow-1  | Registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/2137240605
acme-mailcow-1  | Creating new order...
acme-mailcow-1  | Order created!
acme-mailcow-1  | Verifying autoconfig.avocloud.net...
acme-mailcow-1  | autoconfig.avocloud.net verified!
acme-mailcow-1  | Verifying autodiscover.avocloud.net...
acme-mailcow-1  | autodiscover.avocloud.net verified!
acme-mailcow-1  | Verifying mail.avocloud.net...
acme-mailcow-1  | mail.avocloud.net verified!
acme-mailcow-1  | Signing certificate...
acme-mailcow-1  | Certificate signed!
acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Deploying certificate /var/lib/acme/mail.avocloud.net/cert.pem...
acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Verified hashes.
acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Certificate successfully obtained
acme-mailcow-1  | Fri Dec 27 18:32:48 UTC 2024 - Reloading or restarting services... (1)
acme-mailcow-1  | Restarting 41dac52de915b167ff31e58254615b7c28787758a3449628ec911b83192d0405...
acme-mailcow-1  | command completed successfully
acme-mailcow-1  | Restarting d0ae2b34bf14fcffec7adee85fa7b442e26a7a3cc5a53e2175c783bc53ec278b...
acme-mailcow-1  | command completed successfully
acme-mailcow-1  | Restarting ef183c70122feb5b572e42ca91e3d00e00ed7b6b9f1f4bafb3b07409f9767056...
acme-mailcow-1  | command completed successfully
acme-mailcow-1  | Fri Dec 27 18:32:56 UTC 2024 - Waiting for containers to settle...
acme-mailcow-1  | Fri Dec 27 18:33:08 UTC 2024 - Certificates successfully requested and renewed where required, sleeping one day

                DocFraggle
                Yes, I know. The screenshot doesn’t help me much.
                How should I solve this?
                I have replaced the certificates, renewed them, changed the Nginx config. What else should I do?

                  Well, according to the logs the certificate was deployed successfully. Did you copy it from your mailcow to Cloudflare?

                    As I wrote before, I don’t have the slightest idea of Cloudflare. Maybe just point your DNS records directly to your mailcow and everything will work as intended

                      The domain is DNS only, cloudflare proxy is disabled there.

                      DocFraggle

                      I have solved the problem.
                      I have set the local IP 172…. in the NGINX config. to the public server domain (since my server has the code name “solyra”) solyra.avocloud.net. Now everything works.

                      Thanks for your help.

                        No one is typing