ACME requests a new SSL certificate for the added domains everyday on a fresh Mailcow installation.

[simarmannsingh]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

On a fresh installation of Mailcow (installed on Ubuntu), the `acme-mailcow` renews the SSL certificates for the domains everyday.

For the installation, followed the official installation, also outlined in this video https://www.youtube.com/watch?v=4rzc0hWRSPg&ab_channel=ChristianLempa

Check if the

Logs:

Fri Sep  6 21:03:53 UTC 2024 - Waiting for Docker API...
Fri Sep  6 21:03:53 UTC 2024 - Docker API OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for Postfix...
Fri Sep  6 21:03:53 UTC 2024 - Postfix OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for Dovecot...
Fri Sep  6 21:03:53 UTC 2024 - Dovecot OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for database...
Fri Sep  6 21:03:53 UTC 2024 - Database OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for Nginx...
Fri Sep  6 21:03:53 UTC 2024 - Nginx OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for resolver...
Fri Sep  6 21:03:54 UTC 2024 - Resolver OK
Fri Sep  6 21:03:54 UTC 2024 - Waiting for domain table...
OK
Fri Sep  6 21:03:55 UTC 2024 - Initializing, please wait...
Could not find certificate from <stdin>
Could not find certificate from <stdin>
Fri Sep  6 21:03:55 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
Fri Sep  6 21:03:55 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
Fri Sep  6 21:03:55 UTC 2024 - Detecting IP addresses...
Fri Sep  6 21:04:15 UTC 2024 - OK: 49.13.146.229, 0000:0000:0000:0000:0000:0000:0000:0000
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autodiscover.domain2.in: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autoconfig.domain2.in: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autodiscover.domain1.com: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autoconfig.domain1.com: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for mail.domain1.com: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Certificate /var/lib/acme/mail.domain1.com/cert.pem validation done, neither changed nor due for renewal.
Fri Sep  6 21:04:18 UTC 2024 - Certificates were successfully validated, no changes or renewals required, sleeping for another day.
Sat Sep  7 21:04:19 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
Sat Sep  7 21:04:19 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
Sat Sep  7 21:04:19 UTC 2024 - Detecting IP addresses...
Sat Sep  7 21:04:39 UTC 2024 - OK: 49.13.146.229, 0000:0000:0000:0000:0000:0000:0000:0000
Sat Sep  7 21:04:45 UTC 2024 - No A or AAAA record found for hostname autodiscover.domain2.in
Sat Sep  7 21:04:46 UTC 2024 - Found A record for autoconfig.domain2.in: 49.13.146.229
Sat Sep  7 21:04:46 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Found A record for autodiscover.domain1.com: 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Found A record for autoconfig.domain1.com: 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Found A record for mail.domain1.com: 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Certificate /var/lib/acme/mail.domain1.com/cert.pem missing or changed domains 'mail.domain1.com autoconfig.domain2.in autoconfig.domain1.com autodiscover.domain1.com' - start obtaining
Sat Sep  7 21:04:47 UTC 2024 - Creating backups in /var/lib/acme/backups/mail.domain1.com/2024-09-07_21_04_47 ...
Sat Sep  7 21:04:47 UTC 2024 - Checking resolver...
Sat Sep  7 21:04:47 UTC 2024 - Resolver OK
Sat Sep  7 21:04:47 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.domain1.com/acme.csr --acme-dir /var/www/acme/
Parsing account key...
Parsing CSR...
Found domains: autoconfig.domain1.com, autodiscover.domain1.com, autoconfig.domain2.in, mail.domain1.com
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/1929239876
Creating new order...
Order created!
Already verified: autoconfig.domain2.in, skipping...
Already verified: autoconfig.domain1.com, skipping...
Already verified: autodiscover.domain1.com, skipping...
Already verified: mail.domain1.com, skipping...
Signing certificate...
Certificate signed!
Sat Sep  7 21:04:58 UTC 2024 - Deploying certificate /var/lib/acme/mail.domain1.com/cert.pem...
Sat Sep  7 21:04:58 UTC 2024 - Verified hashes.
Sat Sep  7 21:04:58 UTC 2024 - Certificate successfully obtained
Sat Sep  7 21:04:59 UTC 2024 - Reloading or restarting services... (1)
Reloading Nginx...
Restarting d0ae822f627810efc598bd9282b5a33da7577ee4483ecc05c47f03a7bc878949...
command completed successfully
Restarting 9060a16bd78a1ec961bf24bfea6670160f5ddbd8ede04bc5c4bfdc4f1457a41e...
command completed successfully
Sat Sep  7 21:05:05 UTC 2024 - Waiting for containers to settle...
Sat Sep  7 21:05:16 UTC 2024 - Certificates were successfully renewed where required, sleeping for another day.
Sun Sep  8 21:05:16 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
Sun Sep  8 21:05:16 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
Sun Sep  8 21:05:16 UTC 2024 - Detecting IP addresses...
Sun Sep  8 21:05:37 UTC 2024 - OK: 49.13.146.229, 0000:0000:0000:0000:0000:0000:0000:0000
Sun Sep  8 21:05:39 UTC 2024 - Found A record for autodiscover.domain2.in: 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Found A record for autoconfig.domain2.in: 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Found A record for autodiscover.domain1.com: 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Found A record for autoconfig.domain1.com: 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Found A record for mail.domain1.com: 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Certificate /var/lib/acme/mail.domain1.com/cert.pem missing or changed domains 'mail.domain1.com autoconfig.domain2.in autoconfig.domain1.com autodiscover.domain2.in autodiscover.domain1.com' - start obtaining
Sun Sep  8 21:05:40 UTC 2024 - Creating backups in /var/lib/acme/backups/mail.domain1.com/2024-09-08_21_05_40 ...
Sun Sep  8 21:05:41 UTC 2024 - Checking resolver...
Sun Sep  8 21:05:41 UTC 2024 - Resolver OK
Sun Sep  8 21:05:41 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.domain1.com/acme.csr --acme-dir /var/www/acme/
Parsing account key...
Parsing CSR...
Found domains: autodiscover.domain1.com, autoconfig.domain2.in, autoconfig.domain1.com, mail.domain1.com, autodiscover.domain2.in
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/1929239876
Creating new order...
Order created!
Already verified: autoconfig.domain2.in, skipping...
Already verified: autoconfig.domain1.com, skipping...
Already verified: autodiscover.domain2.in, skipping...
Already verified: autodiscover.domain1.com, skipping...
Already verified: mail.domain1.com, skipping...
Signing certificate...
Certificate signed!
Sun Sep  8 21:05:52 UTC 2024 - Deploying certificate /var/lib/acme/mail.domain1.com/cert.pem...
Sun Sep  8 21:05:52 UTC 2024 - Verified hashes.
Sun Sep  8 21:05:52 UTC 2024 - Certificate successfully obtained
Sun Sep  8 21:05:52 UTC 2024 - Reloading or restarting services... (1)
Reloading Nginx...
Restarting d0ae822f627810efc598bd9282b5a33da7577ee4483ecc05c47f03a7bc878949...
command completed successfully
Restarting 9060a16bd78a1ec961bf24bfea6670160f5ddbd8ede04bc5c4bfdc4f1457a41e...
command completed successfully
Sun Sep  8 21:06:00 UTC 2024 - Waiting for containers to settle...
Sun Sep  8 21:06:10 UTC 2024 - Certificates were successfully renewed where required, sleeping for another day.

Steps to reproduce:

1  sudo apt-get update
2  sudo apt-get upgrade
3  sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
4  sudo apt-get install ca-certificates curl
5  install -m 0755 -d /etc/apt/keyrings
6  curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
7  chmod a+r /etc/apt/keyrings/docker.asc
8  echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
9    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
10  docker compose version
11  cd /opt
12  git clone https://github.com/mailcow/mailcow-dockerized
13  cd mailcow-dockerized/
14  ./generate_config.sh
15  nano mailcow.conf
16  nano docker-compose.yml 
17  docker compose up -d

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 24.04 LTS

Server/VM specifications:

4GB RAM, 2vCPU

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

kvm

Docker version:

27.2.0

docker-compose version or docker compose version:

v2.29.2

mailcow version:

2024-08a

Reverse proxy:

nginx

Logs of git diff:

None

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
4896K 1557M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
4900K 1560M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
4900K 1560M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3997K 1425M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 400K   25M DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 502K  110M ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 394K   25M ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
 2204  127K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:80
 2088  123K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:443
   22  1268 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
   16   876 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
  121  7448 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   33  1852 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    6   316 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
  189  9792 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
   43  2532 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    6   304 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 502K  110M DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
8240K 2630M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 827K  167M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
8240K 2630M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 683K  787M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
 683K  787M DOCKER-USER  0    --  *      *       ::/0                 ::/0                
 686K  788M DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
 555K  779M ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 131K 9103K DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 131K 9103K ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 683K  787M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1143K 1151M RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 1118K packets, 74M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 103K 5347K DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1820 packets, 136K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 681K packets, 42M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 212K   16M MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   14   840 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
 2205  127K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.8:80
 2088  123K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.8:443
   22  1268 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
   16   876 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
  121  7448 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   33  1852 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    6   316 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
  190  9844 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
   43  2532 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    6   304 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 99102 packets, 8600K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 58214 packets, 4657K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::c]:80
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::c]:443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::b]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::b]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::b]:993
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::b]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::b]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587

DNS check:

172.64.155.249
104.18.32.7

[DerLinkman]

You have umask == 0022?

[simarmannsingh]

Yes indeed, umask == 0022. All the installation was done using root user.

[DerLinkman]

I think it's something you've configured wrongly... Github here is no support. The issue is not recreateable under normal circumstances

[milkmaker]

THIS IS A AUTOMATED MESSAGE!

It seems your issue is not a bug. Therefore we highly advise you to get support!

You can get support either by:

• ordering a paid support contract at Servercow (Directly from the developers) or
• using the community forum (Based on volunteers! NO guaranteed answer) or
• using the Telegram support channel (Based on volunteers! NO guaranteed answer)

This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened.