Hello,
I made a big mistake. Somehow I enabled Cloudflare's proxy and CDN for the mail record of one domain (mail.domain.tld). It was there with Cloudflare's Flexible SSL setting, so I did not know about it... until now, because the old SSL cert has expired and, of course, because of the CF proxy this domain can't get re-validated. So my question is: how can I add this subdomain to Let's Encrypt, and how do I force mailcow to update the cert with this domain?
Thank you
Remove Cloudflare from that domain so that it resolves to the real IP again, then restart acme-mailcow and it should automatically check and renew as far as I know.
Restart and check the logs with:
docker-compose restart acme-mailcow && docker-compose logs -f --tail=100 acme-mailcow
If the sub domain isn't mentioned in any of your mail domains, you might have to add it by editing mailcow.conf and adding it to the ADDITIONAL_SAN variable.
OK, CloudFlare already removed.
acme-mailcow_1 | acme-client: /var/lib/acme/acme/cert.pem: expanding with domain: mail.domain.tld
and then
acme-mailcow_1 | Sun Jan 7 18:00:30 UTC 2018 - ACME certificate validation done. Sleeping for another day.
And yes, the site works now. Thank you very much. 👍
I needed to add another mail domain to my pod, so I added it to the ADDITIONAL_SAN variable and restarted docker-compose as explained here. The log output just showed that it couldn't find some autodiscover and autoconfig A records, so it ended saying nothing had changed.
What do I need to do to force it to check for this update?
DNS is cached. DNS changes are never instant.
Try to restart unbound-mailcow to clear the cache.
I don't quite understand the link to DNS - the domains I want to add already resolve in DNS - but anyway, I restarted unbound-mailcow, then restarted acme-mailcow. Unfortunately the log still shows no change..
If it resolves for you, it may not resolve for me. Changes in DNS are not instant. We can have a different cache. This is _all_ about DNS. :)
But you may be missing what's described in the docs: docker-compose up -d to actually apply the changes to additional_san. :)
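The two fixes in this thread (make sure the hostname resolves to the real server rather than the CDN, then add it to ADDITIONAL_SAN and apply with docker-compose up -d) as one POSIX shell script. This is an added example, not code from the thread or from mailcow; the config path, the expected IP and the hostnames are placeholders, and the awk rewrite of mailcow.conf is my own rather than anything mailcow ships.

```bash
#!/bin/sh
# Added example (not mailcow's own tooling). Assumed: mailcow.conf lives in
# the mailcow-dockerized checkout and holds a single ADDITIONAL_SAN= line,
# which is how a stock mailcow.conf looks.

# Print the current comma-separated ADDITIONAL_SAN value from a mailcow.conf.
get_additional_san() {
    sed -n 's/^ADDITIONAL_SAN=//p' "$1" | tail -n 1
}

# Add hostname $2 to ADDITIONAL_SAN in config file $1 unless already listed.
# Prints "added" or "present" so the caller knows whether a restart is needed.
add_san() {
    conf="$1"; host="$2"
    current=$(get_additional_san "$conf")
    case ",$current," in
        *",$host,"*) echo present; return 0 ;;
    esac
    if [ -z "$current" ]; then new="$host"; else new="$current,$host"; fi
    # Rewrite the ADDITIONAL_SAN line in place (or append one if missing).
    # Written to a temp file and moved back, since sed -i is not portable.
    awk -v v="$new" '
        /^ADDITIONAL_SAN=/ { print "ADDITIONAL_SAN=" v; done = 1; next }
        { print }
        END { if (!done) print "ADDITIONAL_SAN=" v }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    echo added
}

# Check that the hostname's A record points at this server, not a CDN.
# Needs network and dig; returns 0 when the expected IP is among the answers.
# A Cloudflare-proxied record returns Cloudflare edge IPs here, which is why
# the HTTP-01 validation in the thread could never reach the mail server.
resolves_to() {
    host="$1"; expected_ip="$2"
    dig +short A "$host" | grep -qx "$expected_ip"
}

# Usage: ./san.sh <hostname> <expected-ip> [path/to/mailcow.conf]
# (placeholder script name; only runs the procedure when arguments are given)
if [ "$#" -ge 2 ]; then
    host="$1"; ip="$2"; conf="${3:-mailcow.conf}"
    if ! resolves_to "$host" "$ip"; then
        echo "$host does not resolve to $ip yet; fix DNS (disable the proxy) first" >&2
        exit 1
    fi
    if [ "$(add_san "$conf" "$host")" = added ]; then
        # ADDITIONAL_SAN is read at container creation, so a plain restart is
        # not enough; recreate the stack as the thread says, then watch acme.
        docker-compose up -d
        docker-compose logs -f --tail=100 acme-mailcow
    else
        echo "$host already in ADDITIONAL_SAN; restarting acme-mailcow only"
        docker-compose restart acme-mailcow
    fi
fi
```

If the log still ends with "nothing has changed", check that every hostname in ADDITIONAL_SAN resolves from inside the mailcow network (unbound-mailcow), not just from your workstation; the autodiscover/autoconfig records mentioned above are looked up for each mail domain, so a missing A record there is the usual cause.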