Foxly how do you solve the problem?
Well, I found a workaround, I added
mailcow.conf (ensure that this line is not overridden by another non-commented-out SKIP_HTTP_VERIFICATION= line that turns it back off or something).
This skips the HTTP verification of each domain, as the variable name suggests.
It caused some other temporary issues as some domains that were not reachable by HTTP were not passing by ACME client/Let’s Encrypt instead.
The underlying issue is not completely resolved yet, but I need to prevent this from happening again. This became noticeable after updating the mail server by using update.sh. It happened to me last year, now this year:
nginx currently doesn’t also listen on the IPv6 address of the mail server, only on the
This was pointed out in this GitHub issue discussion:
acme service script validates HTTP over
nginx is not listening on
the validation fails and the domain is not added - not even the FQDN of the mail server - which was the main issue for me.
There are two other issues that surfaced while troubleshooting/finding a workaround for this:
- Just restarting the docker compose setup isn’t enough to make mailcow use the new Let's Encrypt-related settings. I had to invoke ./update.sh (with no new updates applied, as all updates had already been installed) to make it use the new configuration.
- I wasn’t able to force acme to use only a subset of those domains; it tried to automatically use all domains, which crept towards the SAN limit of 100. Luckily it stayed below it in the end and Let’s Encrypt signed the mail server certificate.