Acme - Missing Maildomain #2736
Comments
Please post your mailcow.conf without hostnames and passwords. |
# mailcow web ui configuration
# example.org is not a valid hostname, use a fqdn here.
MAILCOW_HOSTNAME=mail.xxx.net

# SQL database configuration
DBNAME=xxx
# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=xxx

# HTTP/S Bindings
# You should use HTTPS, but in case of SSL offloaded reverse proxies:
HTTP_PORT=80
HTTPS_PORT=443

# Other bindings
# You should leave that alone
SMTP_PORT=25

# Your timezone
TZ=Europe/Berlin

# Fixed project name
COMPOSE_PROJECT_NAME=mailcowdockerized

# Garbage collector cleanup
MAILDIR_GC_TIME=1440

# Additional SAN for the certificate
# You can use wildcard records to create specific names for every domain you add to mailcow.
# You can also just add static names...
ADDITIONAL_SAN=imap.,pop3.,smtp.*,mail.xxx.net,nextcloud.xxx.net

# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
SKIP_LETS_ENCRYPT=n

# Skip IPv4 check in ACME container - y/n
SKIP_IP_CHECK=n

# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
SKIP_CLAMD=n

# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)
USE_WATCHDOG=n
# Send notifications by mail (no DKIM signature, sent from watchdog@MAILCOW_HOSTNAME)
WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com

# Max log lines per service to keep in Redis logs
LOG_LINES=9999

# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)
IPV4_NETWORK=172.22.1

# Internal IPv6 subnet in fc00::/7
IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

# Use this IPv4 for outgoing connections (SNAT)
SNAT_TO_SOURCE=

# Use this IPv6 for outgoing connections (SNAT)
SNAT6_TO_SOURCE=

# Create or override API key for web UI
API_KEY=

# Set this to "allow" to enable the anyone pseudo user. Disabled by default. |
Same here since the last update. Nothing of any config changed, domain added, etc around the update.
Parsing account key...
Parsing CSR...
Found domains: autodiscover.domainname1.nl, autoconfig.domainname2.nl, autodiscover.domainname2.nl, autodiscover.domainname3.nl, autoconfig.domainname3.nl, mail.domainname3.nl, autoconfig.domainname1.nl
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying autoconfig.domainname1.nl...
Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for autoconfig.domainname1.nl: {'identifier': {'type': 'dns', 'value': 'autoconfig.domainname1.nl'}, 'status': 'invalid', 'expires': '2019-07-05T14:26:24Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.domainname1.nl/.well-known/acme-challenge/2AmOIq5AZKCARuZSy30OQuGkN4Wx9BulT06ogTiJEdU [2a01:4f8:c2c:db1::1]: " |
I have these error messages from watchdog also since yesterday. Also only made an update last week without any additional changes on the setup. |
Having the same symptoms. |
Need the full logs of this container. |
29.6.2019, 10:27:49 Retrying in 30 minutes... |
|
Can you post your data/conf/nginx/site.conf? Or just the first ~50 lines. :) |
|
Can you remove this and restart Nginx and ACME by running
|
Had the same part in my site.conf, deleted and restarted the two containers. Seems to solve:
Certificate successfully deployed, removing backup, sleeping 1d
29.6.2019, 11:31:10 | Verified hashes. |
I can confirm that removing the provided lines by @andryyy solves the issue. |
I think I need to add a better check for the HTTP verification. |
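A sketch of the kind of HTTP verification pre-check mentioned above, added here as an example (it is not mailcow's or acme-tiny's code): before an order is created, fetch a probe file through the challenge path and pass only on a 200 with the exact body, so a response like the 403 quoted in this issue is caught locally. The names `check_http01`, `make_handler` and `demo`, the probe values and the loopback server standing in for the web server are all assumptions.

```python
import http.server
import secrets
import threading
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"
# Ignore proxy environment variables so the probe hits the host directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_http01(base_url, name, expected, timeout=5):
    """Fetch a probe file from the challenge path; pass only on 200 + exact body."""
    try:
        with OPENER.open(base_url + CHALLENGE_PATH + name, timeout=timeout) as resp:
            status, body = resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:  # 4xx/5xx: keep status and body for the log
        status, body = err.code, err.read(4096)
    except OSError as err:  # URLError, timeouts, refused connections
        return {"ok": False, "status": None, "detail": str(err)}
    ok = status == 200 and body.strip() == expected
    return {"ok": ok, "status": status, "detail": body[:60].decode(errors="replace")}

def make_handler(files):
    """Constructed stand-in for the web server; unknown paths get a 403 page."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            code = 200 if self.path in files else 403
            body = files.get(self.path, b"constructed autoconfig response")
            self.send_response(code)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def demo():
    name, expected = secrets.token_urlsafe(16), secrets.token_urlsafe(32).encode()
    results = {}
    # "good" serves the probe file; "shadowed" models another location answering first.
    for label, files in (("good", {CHALLENGE_PATH + name: expected}), ("shadowed", {})):
        srv = http.server.HTTPServer(("127.0.0.1", 0), make_handler(files))
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        results[label] = check_http01(f"http://127.0.0.1:{srv.server_port}", name, expected)
        srv.shutdown()
        srv.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Running the same check once per name in the certificate request, against plain HTTP on port 80, shows which hostname is answered by the wrong location before the CA is asked to validate it.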
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I have the same problem, so I tried to remove the code above, but the site.conf file has changed.
What should I change in order to fix this problem? |
Since the last update I noticed in the ACME logs that every 30 minutes the following error message appears:
Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3.6/site-packages/acme_tiny.py", line 150, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for autoconfig.xxxxxxx.info: {'identifier': {'type': 'dns', 'value': 'autoconfig.xxxxxxx.info'}, 'status': 'invalid', 'expires': '2019-07-05T12:29:44Z', 'challenges': [{'type': 'tls-alpn-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/_7VFPH2jXGZjcvKUK0g7FlKHV4pjOdEzZLmPJA8Q1Ns/17617381674', 'token': 'BMY1jXWjuLG4k7Xs-xN9J6MqDod55Z-j6kKZbFUnw-o'}, {'type': 'dns-01', 'status': 'invalid', 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/_7VFPH2jXGZjcvKUK0g7FlKHV4pjOdEzZLmPJA8Q1Ns/17617381675', 'token': '1_SQJdHwVcyDxHsMBczBFvQNS4b7e8UbLf2Pd6jZ7Jg'}, {'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://autoconfig.xxxxxxx.info/.well-known/acme-challenge/02AZ_oCVJ0tW26f5gul_z_nhqrlZLaJWwy3z0N-iUYo [xxxxxxx]: "
%!E(MISSING)MAILDOMAIN%!<(MISSING)/domain"', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/challenge/_7VFPH2jXGZjcvKUK0g7FlKHV4pjOdEzZLmPJA8Q1Ns/17617381677', 'token': '02AZ_oCVJ0tW26f5gul_z_nhqrlZLaJWwy3z0N-iUYo', 'validationRecord': [{'url': 'http://autoconfig.xxxxxxx.info/.well-known/acme-challenge/02AZ_oCVJ0tW26f5gul_z_nhqrlZLaJWwy3z0N-iUYo', 'hostname': 'autoconfig.xxxxxxx.info', 'port': '80', 'addressesResolved': ['xxxxxxx'], 'addressUsed': 'xxxxxxx'}]}]}
Is this a bug or just a wrong config?
Thank you.