Hi. My setup has been working well for a few years now for a few domains and everything has been running fine with SSL. The added domains are properly listed in the ADDITIONAL_SAN and the certificate itself correctly lists all domains. Several validation tools confirm that everything is fine with SSL. However… I just noticed that the MAILCOW_HOSTNAME itself is NOT listed in the certificate… The server’s FQDN is not listed. It’s not a major issue since the server is accessed through mail.my-domain-name.com and not server.my-domain-name.com (the FQDN) set in MAILCOW_HOSTNAME.
Here’s what I can see in the acme renew logs:
acme-mailcow_1 | Mon Dec 14 10:48:26 EST 2020 - Found AAAA record for server.my-domain-name.com: fd4d:6169:6c63:6f77::d - skipping A record check
acme-mailcow_1 | Mon Dec 14 10:48:26 EST 2020 - Cannot match your IP my-server’s-ipv6-address-here against hostname server.my-domain-name.com (DNS returned fd4d:6169:6c63:6f77:0000:0000:0000:000d)
The IPv6 address shown in the log (fd4d:6169:6c63:6f77) is the default IP address configured in IPV6_NETWORK (mailcow.conf), which is an “internal” IP.
Because of that, server.my-domain-name.com is NOT included in the certificate.
But since mail.my-domain-name.com is, mail works, as this is the address used in the mail clients.
How can I get server.my-domain-name.com (MAILCOW_HOSTNAME) to be included in the certificate?
I just ran a test with SKIP_IP_CHECK=n (mailcow.conf), and by disabling the IP check the certificate includes MAILCOW_HOSTNAME.
Why is the “internal IPv6” used in the IP check?
Or what is wrong in my setup that prevents MAILCOW_HOSTNAME from being included in the SSL certificate?
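
A small triage script for the log lines quoted above, added here as an example and not part of the original post or of mailcow: it pulls out each hostname the IP check rejected and classifies the address DNS returned. The /64 prefix length, the 2001:db8::25 stand-in for the server's address, and the reason labels are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the log format quoted in the post;
# 2001:db8::25 is a documentation address standing in for the server's IPv6.
SAMPLE_LOG = """\
acme-mailcow_1 | Mon Dec 14 10:48:26 EST 2020 - Found AAAA record for server.my-domain-name.com: fd4d:6169:6c63:6f77::d - skipping A record check
acme-mailcow_1 | Mon Dec 14 10:48:26 EST 2020 - Cannot match your IP 2001:db8::25 against hostname server.my-domain-name.com (DNS returned fd4d:6169:6c63:6f77:0000:0000:0000:000d)
"""

# Assumption: IPV6_NETWORK is the prefix from the post with a /64 length.
IPV6_NETWORK = ipaddress.ip_network("fd4d:6169:6c63:6f77::/64")
ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses

MISMATCH = re.compile(
    r"Cannot match your IP (?P<own>\S+) against hostname (?P<host>\S+) "
    r"\(DNS returned (?P<dns>[0-9A-Fa-f:.]+)\)"
)

def triage(log_text):
    """Return one finding per hostname the IP check rejected."""
    findings = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        try:
            dns = ipaddress.ip_address(m["dns"])
        except ValueError:
            continue  # not a parseable address, nothing to classify
        # Reason labels are hypothetical names chosen for this example.
        if dns.version == 6 and dns in IPV6_NETWORK:
            reason = "in-IPV6_NETWORK"      # container-internal address
        elif dns.version == 6 and dns in ULA:
            reason = "unique-local"         # not routable on the Internet
        elif dns.is_private:
            reason = "private"
        else:
            reason = "public-mismatch"      # public record, wrong address
        findings.append({"host": m["host"], "own_ip": m["own"],
                         "dns": dns.compressed, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding of `in-IPV6_NETWORK` means the resolver the container queried answered with an address from the internal network, so the next thing to compare is what a public resolver returns for the same name.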