Comments (4)

MAGICCC commented on May 26, 2024

Huh why did you add your domain in the shellscript?

from mailcow-dockerized.

Korsani commented on May 26, 2024

> Huh why did you add your domain in the shellscript?

Running freely, the script attempts to renew a bunch of certificates (by fetching the domains in the mysql db), among them, for example, louisegoutheraud.fr. When renewing this domain, the script makes a directory called autodiscover.louisegoutheraud.fr. That is fine: on the next round the directory is still there.

That is NOT the case with bl-evolution.com, as I described: it creates the directory autoconfig.bl-evolution.com (whereas every other domain ends up creating autodiscover). To try to track down what happens, I added the domain in the script so that running with bash -x only shows what happens with that (guilty) domain, and not with the good ones.

My guess is that line 337, DOMAINS=${VALIDATED_DOMAINS_SORTED[@]} /srv/obtain-certificate.sh rsa, makes a wrong directory (autoconfig instead of autodiscover), because ${VALIDATED_DOMAINS_SORTED[@]} contains wrong information, because line 322, VALIDATED_DOMAINS_SORTED=(${VALIDATED_DOMAINS_ARR[0]} $(echo ${VALIDATED_DOMAINS_ARR[@]:1} | xargs -n1 | sort -u | xargs)), contains mails.<domain> autoconfig.<domain> autodiscover.<domain> for bl-evolution.com and autoconfig.<domain> autodiscover.<domain> for others. Why does /srv/obtain-certificate.sh then create autoconfig and not autodiscover? idk.

So, the next round assumes that the directory autoconfig is an orphaned directory (why? I didn't investigate, it was really late :) ) so it deletes it.

The workaround is to symlink autoconfig.bl-evolution.com to autodiscover.bl-evolution.com, so that the reverse-proxy nginx finds its autodiscover.bl-evolution.com.
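
An added example, not part of the thread or of mailcow's own code: the ordering expression quoted from line 322, re-expressed in POSIX sh and run on constructed example.test names, showing that element 0 keeps its position while only the tail is sorted and de-duplicated. The function names are hypothetical, and which list element the certificate directory is named after is not established in the thread.

```shell
#!/bin/sh
# Added example: POSIX-sh equivalent of the expression quoted from line 322:
#   (${ARR[0]} $(echo ${ARR[@]:1} | xargs -n1 | sort -u | xargs))
# Element 0 is passed through untouched; elements 1..n are sorted and
# de-duplicated. All domain names below are constructed sample input.
LC_ALL=C; export LC_ALL   # deterministic sort order

# sorted_domains FIRST [REST...] -> prints "FIRST <sorted unique REST>"
sorted_domains() {
    [ "$#" -gt 0 ] || return 1
    first=$1
    shift
    rest=
    if [ "$#" -gt 0 ]; then
        rest=$(printf '%s\n' "$@" | sort -u | xargs)
    fi
    printf '%s\n' "${first}${rest:+ $rest}"
}

# lead_name FIRST [REST...] -> prints element 0 of the resulting list
lead_name() {
    set -- $(sorted_domains "$@")
    printf '%s\n' "$1"
}

# Case 1: the same two names in a different input order give a different
# element 0, because the sort never touches the first position.
sorted_domains autoconfig.example.test autodiscover.example.test
sorted_domains autodiscover.example.test autoconfig.example.test

# Case 2: an extra name in front (as reported for one domain in the thread)
# moves both autoconfig and autodiscover into the sorted tail.
sorted_domains mails.example.test autodiscover.example.test autoconfig.example.test

# Case 3: element 0 is not de-duplicated against the tail, so a name that
# is both first and repeated later appears twice in the result.
sorted_domains autoconfig.example.test autodiscover.example.test autoconfig.example.test
```

Running a real domain list from the `bash -x` trace through `sorted_domains` gives a quick way to compare the resulting order against the directory name the nginx configuration expects.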

Korsani commented on May 26, 2024

Mmm... I realize that maybe my case is badly named. The nginx reverse-proxy expects certificates in autodiscover. Which, as I mentioned, does not happen with bl-evolution.com: the certificate is created in autoconfig.
Still, there is a mismatch between what the nginx conf expects and what /srv/acme.sh does. I'll investigate on our side to see where the nginx conf comes from.

GamingForLive commented on May 26, 2024

I don't really know if this is related, but when I add an FQDN in the acme-mailcow config as an additional SAN (as follows):
ADDITIONAL_SAN=smtp.*,myfdqn.de*
and restart acme-mailcow manually, it gets the certificate, but after a while (about 1 day) it is gone again.

Acme also doesn't generate a new one (yes, I did run docker compose up -d),
and after looking at https://crt.sh/ I can confirm that no new SSL cert has been issued.