mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0
Acme - Missing Maildomain #2736

Closed lotg2020 closed 5 years ago

lotg2020 commented 5 years ago

Since the last update I noticed in the ACME logs that every 30 minutes the following error message appears:

Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for autoconfig.xxxxxxx.info: {'identifier': {'type': 'dns', 'value': 'autoconfig.xxxxxxx.info'}, 'status': 'invalid', 'expires': '2019-07-05T12:29:44Z', 'challenges': [{'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/_7VFPH2jXGZjcvKUK0g7FlKHV4pjOdEzZLmPJA8Q1Ns/17617381674', 'token': 'BMY1jXWjuLG4k7Xs-xN9J6MqDod55Z-j6kKZbFUnw-o'}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/_7VFPH2jXGZjcvKUK0g7FlKHV4pjOdEzZLmPJA8Q1Ns/17617381675', 'token': '1_SQJdHwVcyDxHsMBczBFvQNS4b7e8UbLf2Pd6jZ7Jg'}, {'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.xxxxxxx.info/.well-known/acme-challenge/02AZ_oCVJ0tW26f5gul_z_nhqrlZLaJWwy3z0N-iUYo [xxxxxxx]: "\ \ %!E(MISSING)MAILDOMAIN%!<(MISSING)/domain"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/_7VFPH2jXGZjcvKUK0g7FlKHV4pjOdEzZLmPJA8Q1Ns/17617381677', 'token': '02AZ_oCVJ0tW26f5gul_z_nhqrlZLaJWwy3z0N-iUYo', 'validationRecord': [{'url': 'http://autoconfig.xxxxxxx.info/.well-known/acme-challenge/02AZ_oCVJ0tW26f5gul_z_nhqrlZLaJWwy3z0N-iUYo', 'hostname': 'autoconfig.xxxxxxx.info', 'port': '80', 'addressesResolved': ['xxxxxxx'], 'addressUsed': 'xxxxxxx'}]}]}

Is this a bug or just a wrong config?

Thank you.

andryyy commented 5 years ago

Please post your mailcow.conf without hostnames and passwords.

lotg2020 commented 5 years ago

# mailcow web ui configuration
# example.org is not a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"

MAILCOW_HOSTNAME=mail.xxx.net

# SQL database configuration

DBNAME=xxx
DBUSER=xxx

# Please use long, random alphanumeric strings (A-Za-z0-9)

DBPASS=xxx
DBROOT=xxx

# HTTP/S Bindings
# You should use HTTPS, but in case of SSL offloaded reverse proxies:

HTTP_PORT=80
HTTP_BIND=0.0.0.0

HTTPS_PORT=443
HTTPS_BIND=0.0.0.0

# Other bindings
# You should leave that alone
# Format: 11.22.33.44:25 or 0.0.0.0:465 etc.
# Do not use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT

SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306

# Your timezone

TZ=Europe/Berlin

# Fixed project name

COMPOSE_PROJECT_NAME=mailcowdockerized

# Garbage collector cleanup
# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
# How long should objects remain in the garbage until they are being deleted? (value in minutes)
# Check interval is hourly

MAILDIR_GC_TIME=1440

# Additional SAN for the certificate
#
# You can use wildcard records to create specific names for every domain you add to mailcow.
# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
# ADDITIONAL_SAN=imap.,smtp.
# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "imap.example.net"
# plus every domain you add in the future.
#
# You can also just add static names...
# ADDITIONAL_SAN=srv1.example.net
# ...or combine wildcard and static names:
# ADDITIONAL_SAN=imap.*,srv1.example.com

ADDITIONAL_SAN=imap.,pop3.,smtp.*,mail.xxx.net,nextcloud.xxx.net

# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n

SKIP_LETS_ENCRYPT=n

# Skip IPv4 check in ACME container - y/n

SKIP_IP_CHECK=n

# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n

SKIP_CLAMD=n

# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)

USE_WATCHDOG=n

# Send notifications by mail (no DKIM signature, sent from watchdog@MAILCOW_HOSTNAME)
# Can be multiple rcpts, NO quotation marks

#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
WATCHDOG_NOTIFY_EMAIL=

# Max log lines per service to keep in Redis logs

LOG_LINES=9999

# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)

IPV4_NETWORK=172.22.1

# Internal IPv6 subnet in fc00::/7

IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

# Use this IPv4 for outgoing connections (SNAT)

SNAT_TO_SOURCE=

# Use this IPv6 for outgoing connections (SNAT)

SNAT6_TO_SOURCE=

# Create or override API key for web UI
# You must define API_ALLOW_FROM, which is a comma separated list of IPs
# API_KEY allowed chars: a-z, A-Z, 0-9, -

API_KEY=
API_ALLOW_FROM=127.0.0.1,1.2.3.4

# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
# When enabled, ACL can be created, that apply to "All authenticated users"
# This should probably only be activated on mail hosts, that are used exclusively by one organisation.
# Otherwise a user might share data with too many other users.

ACL_ANYONE=disallow

# Solr heap size, there is no recommendation, please see Solr docs.
# Solr is prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.
# Solr will refuse to start with total system memory below or equal to 2 GB.

SOLR_HEAP=1024
SKIP_SOLR=n

# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.

#MAILDIR_SUB=Maildir
MAILDIR_SUB=

SKIP_HTTP_VERIFICATION=n
ALLOW_ADMIN_EMAIL_LOGIN=n

# Notify about banned IP. Includes whois lookup.

WATCHDOG_NOTIFY_BAN=y

dofl commented 5 years ago

Same here since the last update. Nothing of any config changed, domain added, etc around the update.

Parsing account key...
Parsing CSR...
Found domains: autodiscover.domainname1.nl, autoconfig.domainname2.nl, autodiscover.domainname2.nl, autodiscover.domainname3.nl, autoconfig.domainname3.nl, mail.domainname3.nl, autoconfig.domainname1.nl
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying autoconfig.domainname1.nl...
Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for autoconfig.domainname1.nl: {'identifier': {'type': 'dns', 'value': 'autoconfig.domainname1.nl'}, 'status': 'invalid', 'expires': '2019-07-05T14:26:24Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.domainname1.nl/.well-known/acme-challenge/2AmOIq5AZKCARuZSy30OQuGkN4Wx9BulT06ogTiJEdU [2a01:4f8:c2c:db1::1]: "\ \ %!E(MISSING)MAILDOMAIN%!<(MISSING)/domain>\ "', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/BjYIEJZXLxtwXl0N_vNw-dU3m7dvc4-dfmOznHGCAbQ/17620426989', 'token': '2AmOIq5AZKCARuZSy30OQuGkN4Wx9BulT06ogTiJEdU', 'validationRecord': [{'url': 'http://autoconfig.domainname1.nl/.well-known/acme-challenge/2AmOIq5AZKCARuZSy30OQuGkN4Wx9BulT06ogTiJEdU', 'hostname': 'autoconfig.domainname1.nl', 'port': '80', 'addressesResolved': ['94.130.176.136', '2a01:4f8:c2c:db1::1'], 'addressUsed': '2a01:4f8:c2c:db1::1'}]}, {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/BjYIEJZXLxtwXl0N_vNw-dU3m7dvc4-dfmOznHGCAbQ/17620426990', 'token': 'n-cDiPWO4kz4B8KEovMb3XOY2JARxH0TvyAMWebwYAw'}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/BjYIEJZXLxtwXl0N_vNw-dU3m7dvc4-dfmOznHGCAbQ/17620426991', 'token': '2FyatewJlpnPabdCO2IYZav9HUu20ZswxxjVQQK186g'}]}

lgusewski commented 5 years ago

I have these error messages from watchdog also since yesterday. Also only made an update last week without any additional changes on the setup.

apintocr commented 5 years ago

Having the same symptoms. Have not dug further into the logs, but it happened after updating yesterday.

andryyy commented 5 years ago

Need the full logs of this container.

lgusewski commented 5 years ago

29.6.2019, 10:27:49 Retrying in 30 minutes...
29.6.2019, 10:27:49 Parsing account key...
Parsing CSR...
Found domains: autodiscover.gusewski.biz, autoconfig.gusewski.de, autodiscover.gusewski.net, autoconfig.gusewski.net, autodiscover.gusewski.email, autoconfig.gusewski.biz, mailcow.gusewski.xyz, autodiscover.gusewski.de, autoconfig.gusewski.email, autoconfig.gusewski.xyz, autodiscover.gusewski.xyz
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying autoconfig.gusewski.biz...
Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for autoconfig.gusewski.biz: {'identifier': {'type': 'dns', 'value': 'autoconfig.gusewski.biz'}, 'status': 'invalid', 'expires': '2019-07-06T07:57:40Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.gusewski.biz/.well-known/acme-challenge/gA1yAAIHIss17oNMfErFGEipJhudvfKoU_2Z7avEChg [2a03:4000:9:104::1]: "\ \ %!E(MISSING)MAILDOMAIN%!<(MISSING)/dom"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-1XKQRFlcqoqczporuFgTROqVGMYdiJz6-EHsUqsiI0/17649353218', 'token': 'gA1yAAIHIss17oNMfErFGEipJhudvfKoU_2Z7avEChg', 'validationRecord': [{'url': 'http://autoconfig.gusewski.biz/.well-known/acme-challenge/gA1yAAIHIss17oNMfErFGEipJhudvfKoU_2Z7avEChg', 'hostname': 'autoconfig.gusewski.biz', 'port': '80', 'addressesResolved': ['37.221.196.194', '2a03:4000:9:104::1'], 'addressUsed': '2a03:4000:9:104::1'}]}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-1XKQRFlcqoqczporuFgTROqVGMYdiJz6-EHsUqsiI0/17649353219', 'token': 'JJpZUTPY0ZBKzBdEjpr4Hm5LKHvpUs2CenQs3ielxYg'}, {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/-1XKQRFlcqoqczporuFgTROqVGMYdiJz6-EHsUqsiI0/17649353221', 'token': 'i8BxgUL0J2O6cmtVPPIWkyQw_DkiX732N4XKUQeSPK8'}]}
29.6.2019, 10:27:44 Creating backups in /var/lib/acme/backups/2019-06-29_10_27_44/ ...
29.6.2019, 10:27:44 Found new SANs autoconfig.gusewski.biz autoconfig.gusewski.de autoconfig.gusewski.email autoconfig.gusewski.net autoconfig.gusewski.xyz
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for mailcow.gusewski.xyz: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autoconfig.gusewski.xyz: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autodiscover.gusewski.xyz: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autoconfig.gusewski.net: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autodiscover.gusewski.net: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autoconfig.gusewski.email: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autodiscover.gusewski.email: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autoconfig.gusewski.de: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:44 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:44 Found AAAA record for autodiscover.gusewski.de: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:43 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:43 Found AAAA record for autoconfig.gusewski.biz: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:43 Confirmed AAAA record 2a03:4000:9:104::1
29.6.2019, 10:27:43 Found AAAA record for autodiscover.gusewski.biz: 2a03:4000:9:104::1 - skipping A record check
29.6.2019, 10:27:43 OK
29.6.2019, 10:27:43 Detecting IP addresses...
29.6.2019, 10:27:43 Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
29.6.2019, 10:27:43 Using existing domain key /var/lib/acme/acme/key.pem
Initializing, please wait...
29.6.2019, 10:27:43 OK
29.6.2019, 10:27:43 Waiting for domain table...
29.6.2019, 10:27:43 OK
29.6.2019, 10:27:43 Waiting for Nginx...
29.6.2019, 10:27:43 OK
29.6.2019, 10:27:43 Waiting for database...
29.6.2019, 10:27:43 OK
29.6.2019, 10:27:43 Waiting for Docker API...
29.6.2019, 09:57:43 Retrying in 30 minutes...
29.6.2019, 09:57:43 Parsing account key...
Parsing CSR...
Found domains: autoconfig.gusewski.biz, autoconfig.gusewski.xyz, autodiscover.gusewski.de, autodiscover.gusewski.net, autodiscover.gusewski.xyz, mailcow.gusewski.xyz, autodiscover.gusewski.email, autoconfig.gusewski.email, autoconfig.gusewski.de, autodiscover.gusewski.biz, autoconfig.gusewski.net
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying autoconfig.gusewski.de...
Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for autoconfig.gusewski.de: {'identifier': {'type': 'dns', 'value': 'autoconfig.gusewski.de'}, 'status': 'invalid', 'expires': '2019-07-06T07:27:34Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.gusewski.de/.well-known/acme-challenge/qkOwCNQ5DHT2fjTTwQbYX7rcS1ORWdzv3Oq4amap-h8 [2a03:4000:9:104::1]: "\ \ %!E(MISSING)MAILDOMAIN%!<(MISSING)/dom"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/beCtUI23z2jPP56M1zJ5j2zV_5qYOr0QdTHUUsghnG8/17648576691', 'token': 'qkOwCNQ5DHT2fjTTwQbYX7rcS1ORWdzv3Oq4amap-h8', 'validationRecord': [{'url': 'http://autoconfig.gusewski.de/.well-known/acme-challenge/qkOwCNQ5DHT2fjTTwQbYX7rcS1ORWdzv3Oq4amap-h8', 'hostname': 'autoconfig.gusewski.de', 'port': '80', 'addressesResolved': ['37.221.196.194', '2a03:4000:9:104::1'], 'addressUsed': '2a03:4000:9:104::1'}]}, {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/beCtUI23z2jPP56M1zJ5j2zV_5qYOr0QdTHUUsghnG8/17648576694', 'token': 'wEw4rVQgrpPQAdt_ik8cs_Ivdt7O6ALUfM2kqzE4cF0'}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/beCtUI23z2jPP56M1zJ5j2zV_5qYOr0QdTHUUsghnG8/17648576697', 'token': 'PIqQe9q16vNJZ7EFVQmezAG5UfMxaGPnUgFnMp0rmwo'}]}
29.6.2019, 09:57:39 Creating backups in /var/lib/acme/backups/2019-06-29_09_57_39/ ...

dofl commented 5 years ago

[user@Mailcow /opt/mailcow-dockerized] sudo docker-compose logs -t --tail=100 acme-mailcow 
Attaching to mailcowdockerized_acme-mailcow_1
acme-mailcow_1       | 2019-06-29T08:00:23.261033811Z Sat Jun 29 10:00:23 CEST 2019 - No A or AAAA record found for hostname autoconfig.domain1.nl
acme-mailcow_1       | 2019-06-29T08:00:23.356737396Z Sat Jun 29 10:00:23 CEST 2019 - Found AAAA record for autodiscover.domain2.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:23.405795832Z Sat Jun 29 10:00:23 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:23.461620360Z Sat Jun 29 10:00:23 CEST 2019 - Found AAAA record for autoconfig.domain2.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:23.550850232Z Sat Jun 29 10:00:23 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:23.630305735Z Sat Jun 29 10:00:23 CEST 2019 - Found AAAA record for autodiscover.domain3.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:23.665394099Z Sat Jun 29 10:00:23 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:23.721993151Z Sat Jun 29 10:00:23 CEST 2019 - Found AAAA record for autoconfig.domain3.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:23.821695799Z Sat Jun 29 10:00:23 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:23.881084674Z Sat Jun 29 10:00:23 CEST 2019 - Found AAAA record for autodiscover.domain4.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:23.915229243Z Sat Jun 29 10:00:23 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:23.987599975Z Sat Jun 29 10:00:23 CEST 2019 - Found AAAA record for autoconfig.domain4.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:24.067592110Z Sat Jun 29 10:00:24 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:24.149725907Z Sat Jun 29 10:00:24 CEST 2019 - Found A record for autodiscover.domain5.com: 146.185.153.44
acme-mailcow_1       | 2019-06-29T08:00:24.160972156Z Sat Jun 29 10:00:24 CEST 2019 - Cannot match your IP 94.130.176.136 against hostname autodiscover.domain5.com (146.185.153.44)
acme-mailcow_1       | 2019-06-29T08:00:24.233424489Z Sat Jun 29 10:00:24 CEST 2019 - Found A record for autoconfig.domain5.com: 146.185.153.44
acme-mailcow_1       | 2019-06-29T08:00:24.245882545Z Sat Jun 29 10:00:24 CEST 2019 - Cannot match your IP 94.130.176.136 against hostname autoconfig.domain5.com (146.185.153.44)
acme-mailcow_1       | 2019-06-29T08:00:24.315341476Z Sat Jun 29 10:00:24 CEST 2019 - No A or AAAA record found for hostname autodiscover.domain5.net
acme-mailcow_1       | 2019-06-29T08:00:24.389388275Z Sat Jun 29 10:00:24 CEST 2019 - No A or AAAA record found for hostname autoconfig.domain5.net
acme-mailcow_1       | 2019-06-29T08:00:24.462321694Z Sat Jun 29 10:00:24 CEST 2019 - No A or AAAA record found for hostname autodiscover.domain6.nl
acme-mailcow_1       | 2019-06-29T08:00:24.521752676Z Sat Jun 29 10:00:24 CEST 2019 - No A or AAAA record found for hostname autoconfig.domain6.nl
acme-mailcow_1       | 2019-06-29T08:00:24.566313489Z Sat Jun 29 10:00:24 CEST 2019 - Found AAAA record for mail.domain2.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:00:24.622721128Z Sat Jun 29 10:00:24 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:00:24.816201592Z Sat Jun 29 10:00:24 CEST 2019 - Found new SANs autoconfig.domain2.nl autoconfig.domain3.nl autoconfig.domain4.nl
acme-mailcow_1       | 2019-06-29T08:00:24.838377417Z Sat Jun 29 10:00:24 CEST 2019 - Creating backups in /var/lib/acme/backups/2019-06-29_10_00_24/ ...
acme-mailcow_1       | 2019-06-29T08:00:25.223198975Z Parsing account key...
acme-mailcow_1       | 2019-06-29T08:00:25.237487435Z Parsing CSR...
acme-mailcow_1       | 2019-06-29T08:00:25.250904124Z Found domains: autodiscover.domain2.nl, autoconfig.domain3.nl, autodiscover.domain3.nl, mail.domain2.nl, autodiscover.domain4.nl, autoconfig.domain4.nl, autoconfig.domain2.nl
acme-mailcow_1       | 2019-06-29T08:00:25.251251589Z Getting directory...
acme-mailcow_1       | 2019-06-29T08:00:25.486940098Z Directory found!
acme-mailcow_1       | 2019-06-29T08:00:25.487381533Z Registering account...
acme-mailcow_1       | 2019-06-29T08:00:25.910806756Z Already registered!
acme-mailcow_1       | 2019-06-29T08:00:25.911576724Z Creating new order...
acme-mailcow_1       | 2019-06-29T08:00:26.602144106Z Order created!
acme-mailcow_1       | 2019-06-29T08:00:26.817996083Z Verifying autoconfig.domain3.nl...
acme-mailcow_1       | 2019-06-29T08:00:29.730837933Z Traceback (most recent call last):
acme-mailcow_1       | 2019-06-29T08:00:29.730965782Z   File "/usr/bin/acme-tiny", line 10, in <module>
acme-mailcow_1       | 2019-06-29T08:00:29.730972648Z     sys.exit(main())
acme-mailcow_1       | 2019-06-29T08:00:29.730976985Z   File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
acme-mailcow_1       | 2019-06-29T08:00:29.730981347Z     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
acme-mailcow_1       | 2019-06-29T08:00:29.730985739Z   File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
acme-mailcow_1       | 2019-06-29T08:00:29.730990059Z     raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
acme-mailcow_1       | 2019-06-29T08:00:29.731462264Z ValueError: Challenge did not pass for autoconfig.domain3.nl: {'identifier': {'type': 'dns', 'value': 'autoconfig.domain3.nl'}, 'status': 'invalid', 'expires': '2019-07-06T07:30:19Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.domain3.nl/.well-known/acme-challenge/qjz76V2fbF9FNS73vYYJ8BkkWGv9LcUkE1sI_QXWL9o [2a01:4f8:c2c:db1::1]: "<?xml version=\\"1.0\\"?><clientConfig version=\\"1.1\\">\\n    <emailProvider id=\\"mail.domain2.nl\\">\\n      <domain>%!E(MISSING)MAILDOMAIN%!<(MISSING)/domain>\\n   "', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/C-a1JM30HjwjJaK61SwgE2aYHqNA-5pm04Pd_whfW3M/17648649501', 'token': 'qjz76V2fbF9FNS73vYYJ8BkkWGv9LcUkE1sI_QXWL9o', 'validationRecord': [{'url': 'http://autoconfig.domain3.nl/.well-known/acme-challenge/qjz76V2fbF9FNS73vYYJ8BkkWGv9LcUkE1sI_QXWL9o', 'hostname': 'autoconfig.domain3.nl', 'port': '80', 'addressesResolved': ['94.130.176.136', '2a01:4f8:c2c:db1::1'], 'addressUsed': '2a01:4f8:c2c:db1::1'}]}, {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/C-a1JM30HjwjJaK61SwgE2aYHqNA-5pm04Pd_whfW3M/17648649502', 'token': '4U0JWFlNqSTbC01QCtck_tuorxSMxUPPJS-xl1C2okg'}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/C-a1JM30HjwjJaK61SwgE2aYHqNA-5pm04Pd_whfW3M/17648649503', 'token': 'wd5btoD-xpkvj5m-K0VGH8KWY61jYmz5lWi-z1q3sUo'}]}
acme-mailcow_1       | 2019-06-29T08:00:29.777934619Z Sat Jun 29 10:00:29 CEST 2019 - Retrying in 30 minutes...
acme-mailcow_1       | 2019-06-29T08:00:29.785696172Z OK
acme-mailcow_1       | 2019-06-29T08:30:29.812024830Z Sat Jun 29 10:30:29 CEST 2019 - Waiting for Docker API...OK
acme-mailcow_1       | 2019-06-29T08:30:29.859115297Z Sat Jun 29 10:30:29 CEST 2019 - Waiting for database... Uptime: 158686  Threads: 56  Questions: 753606  Slow queries: 0  Opens: 152  Flush tables: 1  Open tables: 144  Queries per second avg: 4.749
acme-mailcow_1       | 2019-06-29T08:30:29.860389235Z OK
acme-mailcow_1       | 2019-06-29T08:30:29.893983786Z Sat Jun 29 10:30:29 CEST 2019 - Waiting for Nginx... OK
acme-mailcow_1       | 2019-06-29T08:30:29.930751744Z Sat Jun 29 10:30:29 CEST 2019 - Waiting for domain table... OK
acme-mailcow_1       | 2019-06-29T08:30:29.937205833Z Sat Jun 29 10:30:29 CEST 2019 - Initializing, please wait... 
acme-mailcow_1       | 2019-06-29T08:30:29.945287221Z Sat Jun 29 10:30:29 CEST 2019 - Using existing domain key /var/lib/acme/acme/key.pem
acme-mailcow_1       | 2019-06-29T08:30:29.950748864Z Sat Jun 29 10:30:29 CEST 2019 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
acme-mailcow_1       | 2019-06-29T08:30:30.037451550Z Sat Jun 29 10:30:29 CEST 2019 - Detecting IP addresses... OK
acme-mailcow_1       | 2019-06-29T08:30:30.198252249Z Sat Jun 29 10:30:30 CEST 2019 - No A or AAAA record found for hostname autodiscover.domain1.nl
acme-mailcow_1       | 2019-06-29T08:30:30.273742793Z Sat Jun 29 10:30:30 CEST 2019 - No A or AAAA record found for hostname autoconfig.domain1.nl
acme-mailcow_1       | 2019-06-29T08:30:30.392189284Z Sat Jun 29 10:30:30 CEST 2019 - Found AAAA record for autodiscover.domain2.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:30.428449575Z Sat Jun 29 10:30:30 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:30.486537222Z Sat Jun 29 10:30:30 CEST 2019 - Found AAAA record for autoconfig.domain2.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:30.568093640Z Sat Jun 29 10:30:30 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:30.651525345Z Sat Jun 29 10:30:30 CEST 2019 - Found AAAA record for autodiscover.domain3.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:30.691751908Z Sat Jun 29 10:30:30 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:30.738782223Z Sat Jun 29 10:30:30 CEST 2019 - Found AAAA record for autoconfig.domain3.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:30.836455055Z Sat Jun 29 10:30:30 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:30.905293003Z Sat Jun 29 10:30:30 CEST 2019 - Found AAAA record for autodiscover.domain4.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:30.938485502Z Sat Jun 29 10:30:30 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:30.992176080Z Sat Jun 29 10:30:30 CEST 2019 - Found AAAA record for autoconfig.domain4.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:31.068191867Z Sat Jun 29 10:30:31 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:31.154644302Z Sat Jun 29 10:30:31 CEST 2019 - Found A record for autodiscover.domain5.com: 146.185.153.44
acme-mailcow_1       | 2019-06-29T08:30:31.167276077Z Sat Jun 29 10:30:31 CEST 2019 - Cannot match your IP 94.130.176.136 against hostname autodiscover.domain5.com (146.185.153.44)
acme-mailcow_1       | 2019-06-29T08:30:31.240689692Z Sat Jun 29 10:30:31 CEST 2019 - Found A record for autoconfig.domain5.com: 146.185.153.44
acme-mailcow_1       | 2019-06-29T08:30:31.252200422Z Sat Jun 29 10:30:31 CEST 2019 - Cannot match your IP 94.130.176.136 against hostname autoconfig.domain5.com (146.185.153.44)
acme-mailcow_1       | 2019-06-29T08:30:31.320893874Z Sat Jun 29 10:30:31 CEST 2019 - No A or AAAA record found for hostname autodiscover.domain5.net
acme-mailcow_1       | 2019-06-29T08:30:31.399235620Z Sat Jun 29 10:30:31 CEST 2019 - No A or AAAA record found for hostname autoconfig.domain5.net
acme-mailcow_1       | 2019-06-29T08:30:31.490279959Z Sat Jun 29 10:30:31 CEST 2019 - No A or AAAA record found for hostname autodiscover.domain6.nl
acme-mailcow_1       | 2019-06-29T08:30:31.596181311Z Sat Jun 29 10:30:31 CEST 2019 - No A or AAAA record found for hostname autoconfig.domain6.nl
acme-mailcow_1       | 2019-06-29T08:30:31.628454217Z Sat Jun 29 10:30:31 CEST 2019 - Found AAAA record for mail.domain2.nl: 2a01:4f8:c2c:db1::1 - skipping A record check
acme-mailcow_1       | 2019-06-29T08:30:31.662189951Z Sat Jun 29 10:30:31 CEST 2019 - Confirmed AAAA record 2a01:4f8:c2c:db1::1
acme-mailcow_1       | 2019-06-29T08:30:31.715494444Z Sat Jun 29 10:30:31 CEST 2019 - Found new SANs autoconfig.domain2.nl autoconfig.domain3.nl autoconfig.domain4.nl
acme-mailcow_1       | 2019-06-29T08:30:31.726044736Z Sat Jun 29 10:30:31 CEST 2019 - Creating backups in /var/lib/acme/backups/2019-06-29_10_30_31/ ...
acme-mailcow_1       | 2019-06-29T08:30:31.932560468Z Parsing account key...
acme-mailcow_1       | 2019-06-29T08:30:31.944459288Z Parsing CSR...
acme-mailcow_1       | 2019-06-29T08:30:31.954447111Z Found domains: mail.domain2.nl, autodiscover.domain4.nl, autodiscover.domain2.nl, autodiscover.domain3.nl, autoconfig.domain2.nl, autoconfig.domain4.nl, autoconfig.domain3.nl
acme-mailcow_1       | 2019-06-29T08:30:31.954742106Z Getting directory...
acme-mailcow_1       | 2019-06-29T08:30:32.415946374Z Directory found!
acme-mailcow_1       | 2019-06-29T08:30:32.416538014Z Registering account...
acme-mailcow_1       | 2019-06-29T08:30:32.868463694Z Already registered!
acme-mailcow_1       | 2019-06-29T08:30:32.869127149Z Creating new order...
acme-mailcow_1       | 2019-06-29T08:30:33.504756725Z Order created!
acme-mailcow_1       | 2019-06-29T08:30:33.705141526Z Verifying autoconfig.domain2.nl...
acme-mailcow_1       | 2019-06-29T08:30:36.607716291Z Traceback (most recent call last):
acme-mailcow_1       | 2019-06-29T08:30:36.607811691Z   File "/usr/bin/acme-tiny", line 10, in <module>
acme-mailcow_1       | 2019-06-29T08:30:36.607830922Z     sys.exit(main())
acme-mailcow_1       | 2019-06-29T08:30:36.607887836Z   File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
acme-mailcow_1       | 2019-06-29T08:30:36.607900191Z     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
acme-mailcow_1       | 2019-06-29T08:30:36.607909381Z   File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
acme-mailcow_1       | 2019-06-29T08:30:36.607917698Z     raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
acme-mailcow_1       | 2019-06-29T08:30:36.608698252Z ValueError: Challenge did not pass for autoconfig.domain2.nl: {'identifier': {'type': 'dns', 'value': 'autoconfig.domain2.nl'}, 'status': 'invalid', 'expires': '2019-07-06T08:00:26Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.domain2.nl/.well-known/acme-challenge/nO9MM0pwx7dSw_zrwTqbDSAB82vspr-KUtT7BQ6pE2g [2a01:4f8:c2c:db1::1]: "<?xml version=\\"1.0\\"?><clientConfig version=\\"1.1\\">\\n    <emailProvider id=\\"mail.domain2.nl\\">\\n      <domain>%!E(MISSING)MAILDOMAIN%!<(MISSING)/domain>\\n   "', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/1Fm-5CseNbnGjT3L9Zdp0TQzEcjBUYMRP1NxgBIj8So/17649428050', 'token': 'nO9MM0pwx7dSw_zrwTqbDSAB82vspr-KUtT7BQ6pE2g', 'validationRecord': [{'url': 'http://autoconfig.domain2.nl/.well-known/acme-challenge/nO9MM0pwx7dSw_zrwTqbDSAB82vspr-KUtT7BQ6pE2g', 'hostname': 'autoconfig.domain2.nl', 'port': '80', 'addressesResolved': ['94.130.176.136', '2a01:4f8:c2c:db1::1'], 'addressUsed': '2a01:4f8:c2c:db1::1'}]}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/1Fm-5CseNbnGjT3L9Zdp0TQzEcjBUYMRP1NxgBIj8So/17649428051', 'token': 'LCzOrNxo9NNIDnrgknf8gyY7yRLYpS7u2UdnDIEJj8w'}, {'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/1Fm-5CseNbnGjT3L9Zdp0TQzEcjBUYMRP1NxgBIj8So/17649428054', 'token': 'NrYyJeyEolAYWlt_hswrGEGo6UZCx8HcUomeoY2RQs4'}]}
acme-mailcow_1       | 2019-06-29T08:30:36.651245820Z Sat Jun 29 10:30:36 CEST 2019 - Retrying in 30 minutes...
acme-mailcow_1       | 2019-06-29T08:30:36.658711602Z OK
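
Added example (not part of the thread and not mailcow or acme-tiny code): a triage helper for the acme-tiny error above. It pulls the failed http-01 challenge out of the logged authorization and reports which address was validated and whether the served body was a key authorization or the autoconfig XML. The sample line, `triage` and the regex names are constructed for illustration; reading `%!X(MISSING)` as Go's missing-operand marker is an assumption.

```python
import ast
import re

# Constructed sample shaped like the acme-tiny error in this thread (placeholder host,
# address and tokens), wrapped for readability; real log lines are a single line.
SAMPLE_LOG = r"""acme-mailcow_1 | ValueError: Challenge did not pass for autoconfig.example.test: {
 'identifier': {'type': 'dns', 'value': 'autoconfig.example.test'}, 'status': 'invalid',
 'challenges': [
  {'type': 'dns-01', 'status': 'invalid', 'token': 'TOKEN_B'},
  {'type': 'http-01', 'status': 'invalid', 'token': 'TOKEN_A',
   'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'status': 403,
    'detail': 'Invalid response from http://autoconfig.example.test/.well-known/acme-challenge/TOKEN_A [2001:db8::1]: "<?xml version=\\"1.0\\"?><clientConfig version=\\"1.1\\"><domain>%!E(MISSING)MAILDOMAIN%!<(MISSING)/domain>"'}}]}"""

HOST_RE = re.compile(r"Challenge did not pass for ([^:\s]+): ")
DETAIL_RE = re.compile(r'Invalid response from \S+ \[([^\]]+)\]: "(.*)"$', re.S)
# Assumption: "%!X(MISSING)" is Go's fmt marker for a verb without an operand,
# so "%!E(MISSING)MAILDOMAIN%!<(MISSING)/" was "%EMAILDOMAIN%</" in the served body.
GO_MISSING_RE = re.compile(r"%!(.)\(MISSING\)")


def triage(log_text):
    """Return one finding per failed http-01 challenge in an acme-tiny error."""
    host = HOST_RE.search(log_text)
    if not host:
        return []
    # acme-tiny prints the authorization as a Python dict repr: parse it as a literal.
    authz = ast.literal_eval(log_text[log_text.index("{", host.end()):log_text.rindex("}") + 1])
    findings = []
    for ch in authz.get("challenges", []):
        err = ch.get("error")
        if ch.get("type") != "http-01" or not err:
            continue
        m = DETAIL_RE.search(err.get("detail", ""))
        addr, body = (m.group(1), GO_MISSING_RE.sub(r"%\1", m.group(2))) if m else (None, "")
        findings.append({
            "host": host.group(1),
            "address_used": addr,
            "http_status": err.get("status"),
            # A valid reply is the key authorization "<token>.<account key thumbprint>".
            "is_key_authorization": body.startswith(ch["token"] + "."),
            "served_autoconfig": "<clientConfig" in body,
            "body": body,
        })
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
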

andryyy commented 5 years ago

Can you post your data/conf/nginx/site.conf? Or just the first ~50 lines. :)

dofl commented 5 years ago

[user@Mailcow /opt/mailcow-dockerized] cat data/conf/nginx/site.conf | head -n 100
server_tokens off;
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
server_names_hash_bucket_size 64;

map $http_x_forwarded_proto $client_req_scheme {
     default $scheme;
     https https;
}

server {
  listen 80;
  listen [::]:80;
  server_name autoconfig.*;
  root /web;
  location / {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9002;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root/autoconfig.php;
    try_files /autoconfig.php =404;
  }
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  include /etc/nginx/conf.d/server_name.active;
  if ( $request_uri ~* "%0A|%0D" ) { return 403; }
  return 301 https://$host$uri$is_args$args;
}

server {
  include /etc/nginx/mime.types;
  charset utf-8;
  override_charset on;

  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

  add_header Strict-Transport-Security "max-age=15768000;";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header X-Permitted-Cross-Domain-Policies none;
  add_header Referrer-Policy strict-origin;

  index index.php index.html;

  client_max_body_size 0;

  listen 127.0.0.1:65510;
  include /etc/nginx/conf.d/listen_plain.active;
  include /etc/nginx/conf.d/listen_ssl.active;
  include /etc/nginx/conf.d/server_name.active;

  gzip on;
  gzip_disable "msie6";

  gzip_vary on;
  gzip_proxied off;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_min_length 256;
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

  location ~ ^/(fonts|js|css|img)/ {
    expires max;
    add_header Cache-Control public;
  }

  error_log  /var/log/nginx/error.log;
  access_log /var/log/nginx/access.log;
  absolute_redirect off;
  root /web;

  location / {
    try_files $uri $uri/ @strip-ext;
  }

  location /qhandler {
    rewrite ^/qhandler/(.*)/(.*) /qhandler.php?action=$1&hash=$2;
  }

  location /edit {
    rewrite ^/edit/(.*)/(.*) /edit.php?$1=$2;
  }

  location @strip-ext {
    rewrite ^(.*)$ $1.php last;
  }

andryyy commented 5 years ago

Can you remove this and restart Nginx and ACME by running docker-compose restart nginx-mailcow ; sleep 3 ; docker-compose restart acme-mailcow?

server {
  listen 80;
  listen [::]:80;
  server_name autoconfig.*;
  root /web;
  location / {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9002;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root/autoconfig.php;
    try_files /autoconfig.php =404;
  }
}

lgusewski commented 5 years ago

Had the same part in my site.conf, deleted it and restarted the two containers. Seems to solve it:

Certificate successfully deployed, removing backup, sleeping 1d

29.6.2019, 11:31:10 | Verified hashes.
29.6.2019, 11:31:10 | Deploying...
29.6.2019, 11:31:10 | Parsing account key... Parsing CSR... Found domains: mailcow.gusewski.xyz, autodiscover.gusewski.net, autoconfig.gusewski.email, autodiscover.gusewski.biz, autoconfig.gusewski.biz, autoconfig.gusewski.de, autoconfig.gusewski.xyz, autodiscover.gusewski.xyz, autodiscover.gusewski.de, autoconfig.gusewski.net, autodiscover.gusewski.email Getting directory... Directory found! Registering account... Already registered! Creating new order... Order created! Verifying autoconfig.gusewski.de... autoconfig.gusewski.de verified! Verifying autoconfig.gusewski.email... autoconfig.gusewski.email verified! Verifying autoconfig.gusewski.net... autoconfig.gusewski.net verified! Verifying autoconfig.gusewski.xyz... autoconfig.gusewski.xyz verified! Verifying autodiscover.gusewski.biz... autodiscover.gusewski.biz verified! Verifying autodiscover.gusewski.de... autodiscover.gusewski.de verified! Verifying autodiscover.gusewski.email... autodiscover.gusewski.email verified! Verifying autodiscover.gusewski.net... autodiscover.gusewski.net verified! Verifying autodiscover.gusewski.xyz... autodiscover.gusewski.xyz verified! Verifying mailcow.gusewski.xyz... mailcow.gusewski.xyz verified! Verifying autoconfig.gusewski.biz... autoconfig.gusewski.biz verified! Signing certificate... Certificate signed!
29.6.2019, 11:30:34 | Creating backups in /var/lib/acme/backups/2019-06-29_11_30_34/ ...

apintocr commented 5 years ago

I can confirm that removing the lines provided by @andryyy solves the issue.

andryyy commented 5 years ago

I think I need to add a better check for the HTTP verification.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

hansism commented 4 years ago

Can you remove this and restart Nginx and ACME by running docker-compose restart nginx-mailcow ; sleep 3 ; docker-compose restart acme-mailcow?

server {
  listen 80;
  listen [::]:80;
  server_name autoconfig.*;
  root /web;
  location / {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9002;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root/autoconfig.php;
    try_files /autoconfig.php =404;
  }
}

I have the same problem, so I tried to remove the above code, but the site.conf file has changed. The current site.conf is:

server_tokens off;
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
server_names_hash_bucket_size 64;

map $http_x_forwarded_proto $client_req_scheme {
     default $scheme;
     https https;
}

include /etc/nginx/conf.d/sites.active;

What should I change in order to fix this problem?