Mailcow-dockerized: No SSL with Lets Encrypt - acme-mailcow
Hello,
first sorry for my bad english, i am from germany.
I have problems to get a SSL Certificate from Lets Encrypt:
acme-mailcow_1 | Sun Jan 6 13:25:25 CET 2019 - Waiting for Docker API...OK
acme-mailcow_1 | Sun Jan 6 13:25:26 CET 2019 - Waiting for database...
acme-mailcow_1 | Uptime: 4 Threads: 10 Questions: 7 Slow queries: 0 Opens: 17 Flush tables: 1 Open tables: 11 Queries per second avg: 1.750
acme-mailcow_1 | Sun Jan 6 13:25:41 CET 2019 - Initializing, please wait...
acme-mailcow_1 | Sun Jan 6 13:25:41 CET 2019 - Detecting IP addresses... OK
acme-mailcow_1 | Sun Jan 6 13:25:52 CET 2019 - Waiting for domain table... OK
acme-mailcow_1 | Sun Jan 6 13:25:53 CET 2019 - Found A record for email.xxxxxx.de: 159.69.xxx.xxx
acme-mailcow_1 | Sun Jan 6 13:25:53 CET 2019 - Confirmed A record 159.69.xxx.xxx
acme-mailcow_1 | acme-client: acme-client: /var/lib/acme/acme/private/account.key: generating RSA account key
acme-mailcow_1 | /var/lib/acme/acme/private/privkey.pem: generating RSA domain key
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm
acme-mailcow_1 | acme-client: bad exit: netproc(185): 1
acme-mailcow_1 | Sun Jan 6 13:26:00 CET 2019 - Verified hashes.
acme-mailcow_1 | Sun Jan 6 13:26:00 CET 2019 - Retrying in 30 minutes...
I also read other requests but i dont find a solution and cannot fix that. IPv6 is disabled at the moment.
tobias992
All 15 comments
Really nobody?
If i type in the IP-Address in Browser a can access the site...
tobias992
on 6 Jan 2019
It has been 9 hours. On a sunday. This is not even a support channel.
Try this:
cd /opt/mailcow-dockerized
mv data/assets/ssl data/assets/ssl_backup
cp -rp data/assets/ssl-example/ data/assets/ssl
docker-compose restart acme-mailcow
andryyy
on 6 Jan 2019
That was not "bad meaning", sorry for that.
I already did that but i get the same log from acme-mailcow.
I installed Mailcow on a clean Debian 9 minimal image and i disabled only ipv6 in config.
I installed Mailcow so often without any problems and now i cannot fix this maybe small issue xD
Yes of course, i can create the certificate with certbot but thats only a workaround and not a real fix.
tobias992
on 6 Jan 2019
Reverse Proxy?
andryyy
on 7 Jan 2019
No.
BlueMail for Android herunterladen
Am 7. Jan. 2019, 10:43, um 10:43, "André Peters" notifications@github.com schrieb:
Reverse Proxy?
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
https://github.com/mailcow/mailcow-dockerized/issues/2154#issuecomment-451877713
tobias992
on 7 Jan 2019
no other ideas?
tobias992
on 9 Jan 2019
PS: Now i get another acme-mailcow log:
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:f1:292::3a8e
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:f1:294::3a8e
But also not possible to use.
tobias992
on 9 Jan 2019
Repeat the exact steps from above please and delete the SSL folder.
andryyy
on 9 Jan 2019
Same error!
acme-mailcow_1 | acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "Error creating new cert :: authorizations for these names not found or expired: autodiscover.**, autodiscover.**, **, **", "status": 403 }] (248 bytes)
acme-mailcow_1 | acme-client: bad exit: netproc(297): 1
acme-mailcow_1 | Wed Jan 9 19:54:24 CET 2019 - Verified hashes.
acme-mailcow_1 | Wed Jan 9 19:54:24 CET 2019 - Retrying in 30 minutes...
josselinlbe
on 9 Jan 2019
Because "urn:acme:error:unauthorized" (edit: it is not the same problem as above, please check your DNS, don't disable the IP check and post full logs)
andryyy
on 9 Jan 2019
I already did the steps from above... nothing. I get also the SSL error.
tobias992
on 10 Jan 2019
When i did a ssl test with ssllabs i got an grade "F". Its a name missmatch. The common name is: mail.example.com. Hostname and rDNS are set correct.
tobias992
on 10 Jan 2019
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/privkey.pem: generating RSA domain key
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/account.key: generating RSA account key
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:f1:294::3a8e
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:f1:292::3a8e
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: email.xxxxx.de
tobias992
on 10 Jan 2019
Cannot reproduce. But I can offer to have a quick look at it, need access though. Mail me, please. :)
andryyy
on 10 Jan 2019
It was a wrong MTU.
andryyy
on 11 Jan 2019
Related issues
phipag
·
3Comments
pgollor
·
3Comments
zkryakgul
·
3Comments
poldixd
·
3Comments
schoebelh
·
3Comments
Most helpful comment
It has been 9 hours. On a sunday. This is not even a support channel.
Try this: