Hello,
I managed to install mailcow on a fresh Ubuntu 16.04. Everything is fine except the fact that acme can't acquire a certificate. And the web ui https connection is, of course, not trusted. Now, I have a NAS on my network as well which is my DNS server and Web Server for some Web Pages and for them to work properly I have to use mailcow's web ui on port 8080 and 8443. I know there is a requirement to have the port 80 opened for acme to work but is there any way around this?
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Waiting for domain tables... OK
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Found A record for autoconfig.mydomain.tld: 11.22.33.44
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Confirmed A record autoconfig.mydomain.tld
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Found A record for autodiscover.mydomain.tld: 11.22.33.44
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Confirmed A record autodiscover.mydomain.tld
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Found A record for mail.mydomain.tld: 11.22.33.44
acme-mailcow_1 | Wed Jan 10 12:38:20 UTC 2018 - Confirmed A record mail.mydomain.tld
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1 | acme-client: adding SAN: autoconfig.mydomain.tld
acme-mailcow_1 | acme-client: adding SAN: autodiscover.mydomain.tld
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 184.85.247.152
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:c00:4b0::3d5
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:c00:4a7::3d5
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.mydomain.tld
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.mydomain.tld
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.mydomain.tld
acme-mailcow_1 | acme-client: /var/www/acme/uKqwC6ih6iZSrposHHiVNRmLuLLnER87qzQoqyAtTmo: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/n7I8G2yTjT5NfmF5HMFFK2MgkWyj3gdlozdYbagC_jw/3046259314: challenge
acme-mailcow_1 | acme-client: /var/www/acme/rOhATXQ-d2xavFQKBusAGe_HiMPp448C4g50vVjOMjQ: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/kEQMAt3XMcaIGI2zayXJKCKdlH1VSPgIYOWiWmht7Vs/3046259428: challenge
acme-mailcow_1 | acme-client: /var/www/acme/M3FXFOVRo04AFdUARXWx7U2r2hnUvfGW_BXC0az9hAM: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/0yoiGth52of_FimGHFHNYC0vtHxi796h7NEl0F0R_HQ/3046259481: challenge
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/n7I8G2yTjT5NfmF5HMFFK2MgkWyj3gdlozdYbagC_jw/3046259314: status
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/n7I8G2yTjT5NfmF5HMFFK2MgkWyj3gdlozdYbagC_jw/3046259314: bad response
acme-mailcow_1 | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://mail.mydomain.tld/.well-known/acme-challenge/uKqwC6ih6iZSrposHHiVNRmLuLLnER87qzQoqyAtTmo: \"\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta charset=\"utf-8\"\u003e\n\u003cstyle\u003ebody{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/n7I8G2yTjT5NfmF5HMFFK2MgkWyj3gdlozdYbagC_jw/3046259314", "token": "uKqwC6ih6iZSrposHHiVNRmLuLLnER87qzQoqyAtTmo", "keyAuthorization": "uKqwC6ih6iZSrposHHiVNRmLuLLnER87qzQoqyAtTmo.FcieX-Kx-UVWcVR6ta_HHXSgD3pfoCKU_H82miVs6MA", "validationRecord": [ { "url": "http://mail.mydomain.tld/.well-known/acme-challenge/uKqwC6ih6iZSrposHHiVNRmLuLLnER87qzQoqyAtTmo", "hostname": "mail.mydomain.tld", "port": "80", "addressesResolved": [ "11.22.33.44" ], "addressUsed": "11.22.33.44", "addressesTried": [] } ] }] (1088 bytes)
acme-mailcow_1 | acme-client: bad exit: netproc(1411): 1
Is mail.mydomain.tld resolvable and reachable from the outside? Did you allow enough time for DNS settings to propagate?
Does the following near the bottom of your log show the correct IP address for mail.mydomain.tld?
"hostname": "mail.mydomain.tld", "port": "80", "addressesResolved": [ "11.22.33.44" ], "addressUsed": "11.22.33.44", "
Yes, I am currently using the mail server properly. I can send and receive emails, everything works as it should. The only problem being the certificate.
Did you change anything regarding the reachability of Mailcow's own Nginx on ports 80 and 443 or change the Nginx configuration in some way?
As I stated, I did change Mailcow's ports from 80 to 8080 and 443 to 8443 so that the second web server I use works properly.
Oh sorry, I missed that. Alright, I guess that's the problem then. Will have to wait for a Dev's response here!
Not a problem. Yeah, I concluded that myself too... I only hope there's a workaround.
I think the only option is to set up the frontend webserver, which is handling your port 80 (as seen from the internet), to route any requests for "/.well-known/" to the Mailcow web server internally. This can be achieved via a ProxyPass directive on Apache for example.
Haven't thought about that. I will give it a go and see what I can achieve. I will report back when I get around to it. Thank you.
Maybe it has something to do with this: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996
Hello again.
After following @hachre's advice, the acme log looks like this:
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Waiting for domain tables... OK
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Found A record for autoconfig.mydomain.tld: 11.22.33.44
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Confirmed A record autoconfig.mydomain.tld
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Found A record for autodiscover.mydomain.tld: 11.22.33.44
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Confirmed A record autodiscover.mydomain.tld
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Found A record for mail.mydomain.tld: 11.22.33.44
acme-mailcow_1 | Fri Jan 12 11:46:52 UTC 2018 - Confirmed A record mail.mydomain.tld
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1 | acme-client: adding SAN: autoconfig.mydomain.tld
acme-mailcow_1 | acme-client: adding SAN: autodiscover.mydomain.tld
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 184.85.247.152
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:c00:4b0::3d5
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:c00:4a7::3d5
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.mydomain.tld
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.mydomain.tld
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.mydomain.tld
acme-mailcow_1 | acme-client: /var/www/acme/vpRTVi1ka2Qd7ryjn3xtvdq5Wl0pphhYqioxPzwUNaQ: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/FyVBcjNmNvxhCsk4vUJZPLUkdfCKYy-KSlf3Q_yH_L8/3065388729: challenge
acme-mailcow_1 | acme-client: /var/www/acme/E03XSknTW_h766zh2LuEy_ONd7XrJn_KDpd_hOHJrGY: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/F4IYULWOmgF_QM2fXqEEw2v3UM9HyiocP5223dRfcVE/3065388831: challenge
acme-mailcow_1 | acme-client: /var/www/acme/HoYFYE_QxxG23VI4JFmVWTUMMFm51bN-z4YAZ1NM7yk: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/NfE9vubG_gUWutYpVZ0EmLzmGcrbJc-3AfJQl7rakNk/3065388930: challenge
However the certificate wasn't applied. These are the changes I made to sites.conf:
```nginx
# Proxy ACME HTTP-01 challenge requests to mailcow's nginx, which listens on 8080.
# The path is /.well-known (hyphen), not /.well.known; a dot there never matches.
location /.well-known/acme-challenge/ {
    # No trailing slash on the upstream URL, so the full
    # /.well-known/acme-challenge/<token> path is forwarded unchanged.
    proxy_pass http://11.22.33.44:8080;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    # proxy_redirect only accepts "default", "off" or a replacement pair.
    proxy_redirect default;
}
```
I think some of the log is cut off. It should give out more info about whether it will expand the cert and so on below the stuff you posted.
Yeah it did, I checked after I posted and it returned the same error, forgot to report back. Are the changes I made to nginx relevant in any way?
So it still says this essentially?
bad response
acme-mailcow_1 | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://mail.mydomain.tld/.well-known/acme-challenge
Did you make those changes to the Nginx that's included in Mailcow? You need to make those changes to whatever webserver handles your port 80 as seen from the Internet.
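The frontend-proxy approach described in this thread, as an added example that is not from the thread or from mailcow itself: an Apache vhost on the NAS (the server that owns port 80 as seen from the Internet) forwarding only the ACME challenge path to mailcow's nginx on port 8080. The LAN address 192.0.2.10 and the document root are assumptions, and mod_proxy and mod_proxy_http must be enabled.

```apache
# Added example, not mailcow's or the NAS vendor's configuration.
# 192.0.2.10 is a placeholder for the LAN address of the mailcow host,
# whose nginx listens on HTTP_PORT=8080 after the port change in mailcow.conf.
<VirtualHost *:80>
    ServerName  mail.mydomain.tld
    ServerAlias autoconfig.mydomain.tld autodiscover.mydomain.tld

    # Keep the original Host header so mailcow's nginx sees mail.mydomain.tld.
    ProxyPreserveHost On

    # Only the ACME challenge prefix is forwarded; every other path stays on
    # the NAS site. Using the same prefix on both sides keeps
    # /.well-known/acme-challenge/<token> intact when it reaches mailcow.
    ProxyPass        "/.well-known/acme-challenge/" "http://192.0.2.10:8080/.well-known/acme-challenge/"
    ProxyPassReverse "/.well-known/acme-challenge/" "http://192.0.2.10:8080/.well-known/acme-challenge/"

    # The NAS's own pages continue to be served from here (assumed path).
    DocumentRoot /var/www/nas-site
</VirtualHost>
```

After reloading Apache, fetching http://mail.mydomain.tld/.well-known/acme-challenge/anything from outside the LAN should be answered by mailcow's nginx (a 404 for an unknown token) rather than by the NAS site's 403 page seen in the first log.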
Oh right, I am dumb. I will do the settings there then. Thanks a lot :D