Clarification about ADDITIONAL_SERVER_NAMES config option

gorby

Hello everyone,
I read the whole config file and I think I understood it quite well.
But there’s something not working so maybe there’s room for clarification 🙂

I configured my server for PTR to resolve to “mail.domain.com”
In my config file, I have :
ADDITIONAL_SERVER_NAMES=mailcow.domain.com

But when I started (or have restarted since), the ACME cert is generated for mail.domain.com 🟢 , but not the mailcow.domain.com's 🟥 one.
What am I missing please ?

I’m trying to access mailcow UI only with “mailcow.domain.com” and not “mail.domain.com”.

–
Leo.

DocFraggle

You need ADDITIONAL_SAN for this

gorby

Ah!
So what’s ADDITIONAL_SERVER_NAMES is for exactly ?

torbho

ADDITIONAL_SERVER_NAMES is for the Mailcow UI, not for mail certificates.

Don’t forget
docker compose down && docker compose up -d
after changing these settings in the mailcow.conf
Just docker compose restart won’t work

gorby

Thanks @torbho, but that’s exactly what I’m trying to do here : access mailcow UI through mail.domain.com and not through mail.domain.com.
Yes, I used docker compose down && docker compose up -d 🙂 👍️

As described in the docs :

# Additional server names for mailcow UI
#
# Specify alternative addresses for the mailcow UI to respond to
# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
# You can understand this as server_name directive in Nginx.
# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f

I’m wondering if I have to declare “mailcow.*” in the ADDITIONAL_SAN section also to make it work… ?

DocFraggle

gorby ADDITIONAL_SAN is for the certificate, also described in the docs 😉

# Additional SAN for the certificate
#
# You can use wildcard records to create specific names for every domain you add to mailcow.
# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
#ADDITIONAL_SAN=imap.*,smtp.*
# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
# plus every domain you add in the future.
#
# You can also just add static names...
#ADDITIONAL_SAN=srv1.example.net
# ...or combine wildcard and static names:
#ADDITIONAL_SAN=imap.*,srv1.example.com

gorby

Thanks @DocFraggle, I managed to understand the difference :
ADDITIONAL_SAN is about cert generation ;
ADDITIONAL_SERVER_NAMES is about letting nginx know it can be accessed on that server.

Perfectly clear (my mistake was on the ADDITIONAL_SERVER_NAMES also generating the certificate).
Thanks everyone 🙂

–
Leo.