When the steps are followed to request a certificate with the acme-mailcow container, I get the error No A or AAAA record found for hostname autodiscover.{Fill my domain name}
Cannot validate any hostnames, skipping Let’s Encrypt for 1 hour.

When I execute a dig command on the mailcow host, it gives back the correct A record and IP address.

The container also recognizes the correct public IP, but the host is NATed behind a firewall, though HTTP is allowed.

    acme-mailcow-1 | Tue Mar 18 16:31:54 CET 2025 - Initializing, please wait…
    acme-mailcow-1 | Tue Mar 18 16:31:54 CET 2025 - Using existing domain rsa key /var/lib/acme/acme/key.pem
    acme-mailcow-1 | Tue Mar 18 16:31:54 CET 2025 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
    acme-mailcow-1 | Tue Mar 18 16:31:54 CET 2025 - Detecting IP addresses…
    acme-mailcow-1 | Tue Mar 18 16:32:14 CET 2025 - OK: 213.133.102.211, 0000:0000:0000:0000:0000:0000:0000:0000
    acme-mailcow-1 | Tue Mar 18 16:32:26 CET 2025 - No A or AAAA record found for hostname autodiscover.weirdgang.be
    acme-mailcow-1 | Tue Mar 18 16:32:38 CET 2025 - No A or AAAA record found for hostname autoconfig.weirdgang.be
    acme-mailcow-1 | Tue Mar 18 16:32:50 CET 2025 - No A or AAAA record found for hostname mail.weirdgang.be
    acme-mailcow-1 | Tue Mar 18 16:32:50 CET 2025 - No A or AAAA record found for hostname smtp*
    acme-mailcow-1 | Tue Mar 18 16:32:50 CET 2025 - Cannot validate any hostnames, skipping Let’s Encrypt for 1 hour.
    acme-mailcow-1 | Tue Mar 18 16:32:50 CET 2025 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently.
    acme-mailcow-1 | OK


    Grumpyxiii but the host is NATed behind a firewall

    Check if DNS traffic from inside the ACME container to the root hint servers is blocked

      DocFraggle Check if DNS traffic from inside the ACME container to the root hint servers is blocked

      Thank you for the hint
      I checked if the acme could reach the root servers and this was the case
      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker ps
      CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
      NAMES
      1edeaf152827 robbertkl/ipv6nat “/docker-ipv6nat-com…” 4 hours ago Up 3 minutes
      mailcowdockerized-ipv6nat-mailcow-1
      1b131ad96bc6 ghcr.io/mailcow/watchdog:2.06 “/watchdog.sh” 4 hours ago Up 3 minutes
      mailcowdockerized-watchdog-mailcow-1
      0e1e3c317930 ghcr.io/mailcow/acme:1.91 “/sbin/tini -g – /s…” 4 hours ago Up 3 minutes
      mailcowdockerized-acme-mailcow-1
      b5a1f98b52bb ghcr.io/mailcow/nginx:1.03 “/docker-entrypoint.…” 4 hours ago Up 3 minutes 0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp
      mailcowdockerized-nginx-mailcow-1
      8ac3150d307c ghcr.io/mailcow/rspamd:2.0 “/docker-entrypoint.…” 4 hours ago Up 3 minutes
      mailcowdockerized-rspamd-mailcow-1
      32ad92d0c2de mcuadros/ofelia:latest “/usr/bin/ofelia dae…” 4 hours ago Up 3 minutes
      mailcowdockerized-ofelia-mailcow-1
      b57d66c95daa ghcr.io/mailcow/dovecot:2.31 “/docker-entrypoint.…” 4 hours ago Up 3 minutes 0.0.0.0:110->110/tcp, [::]:110->110/tcp, 0.0.0.0:143->143/tcp, [::]:143->143/tcp, 0.0.0.0:993->993/tcp, [::]:993->993/tcp, 0.0.0.0:995->995/tcp, [::]:995->995/tcp, 0.0.0.0:4190->4190/tcp, [::]:4190->4190/tcp, 127.0.0.1:19991->12345/tcp mailcowdockerized-dovecot-mailcow-1
      34f673d68a6f ghcr.io/mailcow/postfix:1.80 “/docker-entrypoint.…” 4 hours ago Up 3 minutes 0.0.0.0:25->25/tcp, [::]:25->25/tcp, 0.0.0.0:465->465/tcp, [::]:465->465/tcp, 0.0.0.0:587->587/tcp, [::]:587->587/tcp, 588/tcp mailcowdockerized-postfix-mailcow-1
      cd9aaed5cb55 ghcr.io/mailcow/phpfpm:1.92 “/docker-entrypoint.…” 4 hours ago Up 3 minutes 9000/tcp
      mailcowdockerized-php-fpm-mailcow-1
      e855519acc46 mariadb:10.11 “docker-entrypoint.s…” 4 hours ago Up 3 minutes 127.0.0.1:13306->3306/tcp
      mailcowdockerized-mysql-mailcow-1
      843078ded52c ghcr.io/mailcow/clamd:1.70 “/sbin/tini -g – /c…” 4 hours ago Up 3 minutes (healthy)
      mailcowdockerized-clamd-mailcow-1
      033aafb6e2cc redis:7.4.2-alpine “/bin/sh /redis-conf…” 4 hours ago Up 3 minutes 127.0.0.1:7654->6379/tcp
      mailcowdockerized-redis-mailcow-1
      ea332d9ab606 ghcr.io/mailcow/olefy:1.13 “python3 -u /app/ole…” 4 hours ago Up 3 minutes
      mailcowdockerized-olefy-mailcow-1
      f2124dc1d757 ghcr.io/mailcow/netfilter:1.61 “/bin/sh -c /app/doc…” 4 hours ago Up 3 minutes
      mailcowdockerized-netfilter-mailcow-1
      f2b34291254a ghcr.io/mailcow/dockerapi:2.10 “/bin/sh /app/docker…” 4 hours ago Up 3 minutes
      mailcowdockerized-dockerapi-mailcow-1
      909be21adbe1 ghcr.io/mailcow/unbound:1.23 “/docker-entrypoint.…” 4 hours ago Up 3 minutes (healthy) 53/tcp, 53/udp
      mailcowdockerized-unbound-mailcow-1
      4600b9c34429 ghcr.io/mailcow/sogo:1.129 “/docker-entrypoint.…” 4 hours ago Up 3 minutes
      mailcowdockerized-sogo-mailcow-1
      a581ac3e4c7c memcached:alpine “docker-entrypoint.s…” 4 hours ago Up 3 minutes 11211/tcp
      mailcowdockerized-memcached-mailcow-1
      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig . ns +edns=0 @f.root-servers.net.

      ; <<>> DiG 9.18.34 <<>> . ns +edns=0 @f.root-servers.net.
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6148
      ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
      ;; WARNING: recursion requested but not available

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1472
      ;; QUESTION SECTION:
      ;. IN NS

      ;; ANSWER SECTION:
      . 518400 IN NS g.root-servers.net.
      . 518400 IN NS j.root-servers.net.
      . 518400 IN NS h.root-servers.net.
      . 518400 IN NS m.root-servers.net.
      . 518400 IN NS c.root-servers.net.
      . 518400 IN NS a.root-servers.net.
      . 518400 IN NS f.root-servers.net.
      . 518400 IN NS e.root-servers.net.
      . 518400 IN NS d.root-servers.net.
      . 518400 IN NS l.root-servers.net.
      . 518400 IN NS k.root-servers.net.
      . 518400 IN NS b.root-servers.net.
      . 518400 IN NS i.root-servers.net.

      ;; ADDITIONAL SECTION:
      g.root-servers.net. 518400 IN A 192.112.36.4
      g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d
      j.root-servers.net. 518400 IN A 192.58.128.30
      j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30
      h.root-servers.net. 518400 IN A 198.97.190.53
      h.root-servers.net. 518400 IN AAAA 2001:500:1::53
      m.root-servers.net. 518400 IN A 202.12.27.33
      m.root-servers.net. 518400 IN AAAA 2001:dc3::35
      c.root-servers.net. 518400 IN A 192.33.4.12
      c.root-servers.net. 518400 IN AAAA 2001:500:2::c
      a.root-servers.net. 518400 IN A 198.41.0.4
      a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30
      f.root-servers.net. 518400 IN A 192.5.5.241
      f.root-servers.net. 518400 IN AAAA 2001:500:2f::f
      e.root-servers.net. 518400 IN A 192.203.230.10
      e.root-servers.net. 518400 IN AAAA 2001:500:a8::e
      d.root-servers.net. 518400 IN A 199.7.91.13
      d.root-servers.net. 518400 IN AAAA 2001:500:2d::d
      l.root-servers.net. 518400 IN A 199.7.83.42
      l.root-servers.net. 518400 IN AAAA 2001:500:9f::42
      k.root-servers.net. 518400 IN A 193.0.14.129
      k.root-servers.net. 518400 IN AAAA 2001:7fd::1
      b.root-servers.net. 518400 IN A 170.247.170.2
      b.root-servers.net. 518400 IN AAAA 2801:1b8:10::b
      i.root-servers.net. 518400 IN A 192.36.148.17
      i.root-servers.net. 518400 IN AAAA 2001:7fe::53

      ;; Query time: 11 msec
      ;; SERVER: 192.5.5.241#53(f.root-servers.net.) (UDP)
      ;; WHEN: Tue Mar 18 18:50:20 CET 2025
      ;; MSG SIZE rcvd: 811

      Slightly misunderstood the question…
      When doing a dig in the container, all domains work except my own domain.
      When I define 1.1.1.1 as the resolver, the command does work.

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig google.com

      ; <<>> DiG 9.18.34 <<>> google.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45456
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;google.com. IN A

      ;; ANSWER SECTION:
      google.com. 150 IN A 142.250.186.174

      ;; Query time: 0 msec
      ;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
      ;; WHEN: Tue Mar 18 19:10:23 CET 2025
      ;; MSG SIZE rcvd: 55

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig ns1.weirdgang.be

      ; <<>> DiG 9.18.34 <<>> ns1.weirdgang.be
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45636
      ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available

      ;; QUESTION SECTION:
      ;ns1.weirdgang.be. IN A

      ;; Query time: 3 msec
      ;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
      ;; WHEN: Tue Mar 18 19:10:27 CET 2025
      ;; MSG SIZE rcvd: 34

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig ns1.weirdgang.be @1.1.1.1

      ; <<>> DiG 9.18.34 <<>> ns1.weirdgang.be @1.1.1.1
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6973
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;ns1.weirdgang.be. IN A

      ;; ANSWER SECTION:
      ns1.weirdgang.be. 600 IN A 213.133.102.210

      ;; Query time: 103 msec
      ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
      ;; WHEN: Tue Mar 18 19:09:32 CET 2025
      ;; MSG SIZE rcvd: 61

      If I dig from the container, my nameservers are unreachable.

      DocFraggle

      Please disable any local firewall like UFW or firewalld, and disable SELinux.
      Have you opened all required ports, esp. port 53 TCP and UDP outgoing? You should be able to use nslookup with your DNS server ns1.weirdgang.be from within the acme container.
      It seems like a firewall issue to me.

      Pls check also:
      docs.mailcow.email: Prepare your system - mailcow: dockerized documentation

      Hi, thank you for the extra information.
      There is no ufw running on the system and firewalld was never started. I have disabled SELinux. I have followed the entire Prepare your system part of the documentation.

      The container can only resolve the host when a name server has been given to the dig command. There seems to be no firewall restriction going on, since the host itself can perfectly resolve all the hostnames even without giving the dig command a server.

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig mail.weirdgang.be @213.133.102.211

      ; <<>> DiG 9.18.34 <<>> mail.weirdgang.be @213.133.102.211
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32776
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

      ;; QUESTION SECTION:
      ;mail.weirdgang.be. IN A

      ;; ANSWER SECTION:
      mail.weirdgang.be. 579 IN A 213.133.102.211

      ;; Query time: 0 msec
      ;; SERVER: 213.133.102.211#53(213.133.102.211) (UDP)
      ;; WHEN: Tue Mar 18 23:28:42 CET 2025
      ;; MSG SIZE rcvd: 51

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig mail.weirdgang.be

      ; <<>> DiG 9.18.34 <<>> mail.weirdgang.be
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32245
      ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available

      ;; QUESTION SECTION:
      ;mail.weirdgang.be. IN A

      ;; Query time: 0 msec
      ;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
      ;; WHEN: Tue Mar 18 23:29:04 CET 2025
      ;; MSG SIZE rcvd: 35

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 nslookup mail.weirdgang.be
      ;; Got SERVFAIL reply from 127.0.0.11
      Server: 127.0.0.11
      Address: 127.0.0.11#53

      ** server can’t find mail.weirdgang.be: SERVFAIL

      root@DE00-MAILCOW-00:/opt/mailcow-dockerized# nslookup mail.weirdgang.be
      Server: 10.10.201.1
      Address: 10.10.201.1#53

      Non-authoritative answer:
      Name: mail.weirdgang.be
      Address: 213.133.102.211

      Please add the “+trace” option to see where things go south

        DocFraggle

        root@DE00-MAILCOW-00:/opt/mailcow-dockerized# docker container exec 0e1e3c31793 dig weirdgang.be +trace

        ; <<>> DiG 9.18.34 <<>> weirdgang.be +trace
        ;; global options: +cmd
        . 36463 IN NS g.root-servers.net.
        . 36463 IN NS j.root-servers.net.
        . 36463 IN NS m.root-servers.net.
        . 36463 IN NS d.root-servers.net.
        . 36463 IN NS a.root-servers.net.
        . 36463 IN NS b.root-servers.net.
        . 36463 IN NS h.root-servers.net.
        . 36463 IN NS f.root-servers.net.
        . 36463 IN NS i.root-servers.net.
        . 36463 IN NS e.root-servers.net.
        . 36463 IN NS c.root-servers.net.
        . 36463 IN NS l.root-servers.net.
        . 36463 IN NS k.root-servers.net.
        . 36463 IN RRSIG NS 8 0 518400 20250331200000 20250318190000 26470 . F8OjrzKC3Jc0MDk5IBjoqO03nW3Eul7+G1ceS8HduscVpmEtx1YqH0SA EkCd+CPQN6ceJpuwNvdYJYeacnwTshzYlhQnILDZH4GHAk6qHnUrS5ij Vy+mupfvQuWncElB5j9HL8/qFk1Z7VoKUidKpH0RpjIgptEvKG5uNuQS krMRdc5jj1VaEK3ewnF20bYOTtliDzJMxXaeiRIVUbkUG+rH8XjZNvDe xyZgZM2q+RMQUQybzkJk3Qgl5fgDbryEe7i8XUWUrwl94zMrXYNHjy1g FPJ16+yrMS5WOMIJRJZMJmYW3MRqVWEE16o/dRyrhCMLeK4gAVI2sSzs FLVMcA==
        ;; Received 525 bytes from 127.0.0.11#53(127.0.0.11) in 0 ms

        ;; communications error to 2001:500:a8::e#53: timed out
        ;; communications error to 2001:500:a8::e#53: timed out
        ;; communications error to 2001:500:a8::e#53: timed out
        be. 172800 IN NS a.nsset.be.
        be. 172800 IN NS b.nsset.be.
        be. 172800 IN NS c.nsset.be.
        be. 172800 IN NS d.nsset.be.
        be. 172800 IN NS y.nsset.be.
        be. 172800 IN NS z.nsset.be.
        be. 86400 IN DS 52756 8 2 5485AC33DD7C7ED237EA2A4BD269731C816960FE181042024484B5CE CA6ECC9F
        be. 86400 IN RRSIG DS 8 1 86400 20250401050000 20250319040000 26470 . aYE9XUKrJvZJxix+xt+bm6nkEV1yQs2qg7cHtwHJvSufv5w7Qj/0Q1AG Rljo8SGPYk/Z2qI/uhQBGLWJFMQW92Twy4oxq7yoFf+tRv2PkueoTatT TWonKsBfjytlW4YA1sAqfrS5NzMh0tAU3wh814zJyyno81uSWIisx1Vf Q4zQxUJvqhMLWxNLd0DGU6UUUMPvD3Q80vjW5i8PgR1zb8SyjTxvfEaU TnurKjC4vwqziKMzEcQpIAI/lp1kizllNh3UiR0WQOUWJGy+xN8k9W0f jXvN4J8ECJ+AQipFs3nwyXMKcpAtyqymwUIUj3X3K6wZrwyTz50ZRBjg DizHAw==
        ;; Received 742 bytes from 198.97.190.53#53(h.root-servers.net) in 3 ms

        weirdgang.be. 86400 IN NS ns1.weirdgang.be.
        weirdgang.be. 86400 IN NS ns2.weirdgang.be.
        PDRPQGS0T19R8QUL7C2H4BHNB7AGH1B8.be. 600 IN NSEC3 1 1 0 - PDRRMAHC5LLBO4DHP1J3TFP2JERSM6G0 NS SOA RRSIG DNSKEY NSEC3PARAM
        PDRPQGS0T19R8QUL7C2H4BHNB7AGH1B8.be. 600 IN RRSIG NSEC3 8 2 600 20250409122155 20250318203149 29088 be. aIgZ6q6/vBnzaCVMn8SMN/XVikqk7w5X5+vi8FLhZ78oTGnrC1vBSAnP f78DHE1mavyeOVPVJA7fke6scotvM9i+bQMuJnspZEv7yrxDzg+twsA2 l5Y3ZfL+xJZjnoGPg0k5pP82yMBY6ypt1XrjP0EjbACkuBhsE1dGY4r/ Mt0=
        L1RLEJ2PLV9HT8DOB3216S81SELAA6QM.be. 600 IN NSEC3 1 1 0 - L1ROAIUMFCJC01GSERS84HE0IAI4N7HR NS DS RRSIG
        L1RLEJ2PLV9HT8DOB3216S81SELAA6QM.be. 600 IN RRSIG NSEC3 8 2 600 20250331142756 20250311112610 29088 be. HWXFFEVcAg4CpmlbERCbQ9ZLGy49ZeOOUMl4dJbPuLqdDwo7EDHe16Cf n6MMBhRHIzqXQ4rIK7+RzP11/b0oi4ftgyMBFlgzux5LMLb9cXNEiFZ7 dFMfFYQwXwaS6KSuBzG6mOrRvsIjOs3+Fv7hO/Kx46pyjkHCJ0MIf9po efI=
        dig: couldn’t get address for ‘ns1.weirdgang.be’: no more
        couldn’t get address for ‘ns1.weirdgang.be’: failure
        couldn’t get address for ‘ns2.weirdgang.be’: failure

          Grumpyxiii
          ;; communications error to 2001:500:a8::e#53: timed out
          ;; communications error to 2001:500:a8::e#53: timed out
          ;; communications error to 2001:500:a8::e#53: timed out

          This seems to be the problem, DNS via IPv6 outgoing seems to be blocked / not working

            DocFraggle
            My network is currently not IPv6-ready… so it should all pass over IPv4. IPv6 is currently still a work in progress.

              OK, I finally got it to work. The hostnames clear now on the ACME client. I currently have the issue of the HTTP verification not working, with the error Confirmed A record with IP 213.133.102.211, but HTTP validation failed. Going to see if the docs are any help resolving this one.

              Problem solved. In mailcow.conf I set the HTTP verification from yes to no. Stopped all Docker, gave the Docker service a restart, restarted all the containers, and I had a cert within minutes.

              mailcow/mailcow-dockerized4463

              Do you have a firewall in place blocking port 80 incoming? That’s not a mailcow problem
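
The comparison carried out by hand in this thread (same query through the container's default resolver and through an explicit one, then `+trace`), written as an added example that is not part of any post and not mailcow's own code. Function names are hypothetical; the sample strings are trimmed from the dig output posted above.

```bash
#!/usr/bin/env bash
# Added example: read saved dig output and name the layer that is failing.

# Print "<status> <flags> <server> <answer-count>" for one dig reply on stdin.
dig_summary() {
  awk '
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; flags:/ {
      fl = $0; sub(/^;; flags: */, "", fl); sub(/;.*/, "", fl); gsub(/ /, ",", fl)
      if (match($0, /ANSWER: [0-9]+/)) an = substr($0, RSTART + 8, RLENGTH - 8)
    }
    /^;; SERVER:/ { sv = $3; sub(/#.*/, "", sv) }
    END {
      if (st == "") st = "NONE"; if (fl == "") fl = "-"; if (sv == "") sv = "-"
      print st, fl, sv, an + 0
    }'
}

# Verdict for one reply. A SERVFAIL without the "ra" flag means the server that
# answered (127.0.0.11 is Docker's embedded DNS) offered no recursion at all.
classify_dig() {
  set -- $(printf '%s\n' "$1" | dig_summary)
  local status="$1" flags="$2" server="$3" answers="$4"
  case "$status" in
    NOERROR) if [ "$answers" -gt 0 ]; then echo "ok"; else echo "nodata"; fi ;;
    SERVFAIL)
      case ",$flags," in
        *,ra,*) echo "servfail" ;;
        *)      echo "servfail-no-recursion@$server" ;;
      esac ;;
    NONE) echo "no-reply" ;;
    *)    echo "$status" ;;
  esac
}

# $1: reply via the default resolver, $2: reply via an explicitly named one.
diagnose() {
  local via_default via_explicit
  via_default=$(classify_dig "$1")
  via_explicit=$(classify_dig "$2")
  case "$via_default/$via_explicit" in
    ok/ok) echo "resolution-ok" ;;
    */ok)  echo "local-resolver-fault: $via_default" ;;
    ok/*)  echo "explicit-resolver-fault: $via_explicit" ;;
    *)     echo "zone-or-network-fault" ;;
  esac
}

# Summarise a "dig +trace": timeouts per address family, unresolved NS names.
trace_findings() {
  printf '%s\n' "$1" | awk '
    /communications error to .*: timed out/ {
      addr = $5; sub(/#.*/, "", addr); if (addr ~ /:/) v6++; else v4++
    }
    /get address for/ {
      for (i = 1; i < NF; i++) if ($i == "for" && !($(i + 1) in seen)) { seen[$(i + 1)] = 1; ns++ }
    }
    END { printf "v4_timeouts=%d v6_timeouts=%d unresolved_ns=%d\n", v4, v6, ns }'
}

# Samples trimmed from the thread's output.
SAMPLE_DEFAULT=";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45636
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)"
SAMPLE_EXPLICIT=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6973
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)"
SAMPLE_TRACE=";; communications error to 2001:500:a8::e#53: timed out
;; communications error to 2001:500:a8::e#53: timed out
;; communications error to 2001:500:a8::e#53: timed out
dig: couldn't get address for 'ns1.weirdgang.be': no more
couldn't get address for 'ns1.weirdgang.be': failure
couldn't get address for 'ns2.weirdgang.be': failure"

diagnose "$SAMPLE_DEFAULT" "$SAMPLE_EXPLICIT"
trace_findings "$SAMPLE_TRACE"
```
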
