Let's encrypt certificate cannot be renewed #550

Closed
SEWADE opened this issue Sep 4, 2017 · 15 comments
Comments

@SEWADE

SEWADE commented Sep 4, 2017

Hi,

I have a problem with renewing the Let's Encrypt certificate.
I think the problem is that port 80 does not work, but the documentation says "mailcow must be available on port 80 for the acme-client to work". Unfortunately, I do not know why this is so.
Maybe someone can help me solve the problem.

mailcow.conf:

# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "***"
# Default password is "***"
MAILCOW_HOSTNAME=mail.system-server.de
# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=***
DBUSER=***
# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=**********************
DBROOT=**********************
# ------------------------------
# HTTP/S Bindings
# ------------------------------
# You should use HTTPS, but in case of SSL offloaded reverse proxies:
HTTP_PORT=8080
HTTP_BIND=0.0.0.0
HTTPS_PORT=443
HTTPS_BIND=0.0.0.0
# ------------------------------
# Other bindings
# ------------------------------
# You should leave that alone
# Format: 11.22.33.44:25 or 0.0.0.0:465 etc.
# Do _not_ use IP:PORT in HTTPS_BIND or HTTPS_PORT
SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
# Your timezone
TZ=Europe/Berlin
SKIP_LETS_ENCRYPT=n
SKIP_CLAMD=y
SKIP_IP_CHECK=y
SKIP_FAIL2BAN=n
ADDITIONAL_SAN=autoconfig.system-server.de,autodiscover.system-server.de
DOVEADM_PORT=127.0.0.1:19991

site.conf:

proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
map $http_x_forwarded_proto $client_req_scheme {
     default $scheme;
     https https;
}
server {
   server_name webmail.system-server.de;
   return 301 $scheme://mail.system-server.de/SOGo$request_uri;
   rewrite ^/sogo /SOGo/ redirect;
}
server {
  include /etc/nginx/conf.d/listen_ssl.active;
  include /etc/nginx/mime.types;
  charset utf-8;
  override_charset on;
  ssl on;
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
  ssl_ecdh_curve secp384r1;
  index index.php index.html;
  include /etc/nginx/conf.d/server_name.active;
  error_log  /var/log/nginx/error.log;
  access_log /var/log/nginx/access.log;
  absolute_redirect off;
  root /web;

  location ~ ^/api/v1/(.*)$ {
    try_files $uri $uri/ /json_api.php?query=$1;
  }

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }

  # If behind reverse proxy, forwards the correct IP
  set_real_ip_from 172.22.1.1;
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
  rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;

  location ^~ /principals {
    return 301 /SOGo/dav;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9000;
    fastcgi_index index.php;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PHP_VALUE "max_execution_time = 1200
                             max_input_time = 1200
                             memory_limit = 64M";
    fastcgi_read_timeout 1200;
  }

  location /rspamd/ {
    proxy_pass       http://172.22.1.253:11334/;
    proxy_set_header Host      $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
  }

  location ~* ^/Autodiscover/Autodiscover.xml {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9000;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files /autodiscover.php =404;
  }

  location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9000;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files /autoconfig.php =404;
  }

  location ^~ /Microsoft-Server-ActiveSync {
    proxy_pass http://172.22.1.252:20000/SOGo/Microsoft-Server-ActiveSync;
    proxy_connect_timeout 1000;
    proxy_next_upstream timeout error;
    proxy_send_timeout 1000;
    proxy_read_timeout 1000;
    proxy_buffer_size 8k;
    proxy_buffers 4 32k;
    proxy_temp_file_write_size 64k;
    proxy_busy_buffers_size 64k;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
    proxy_set_header x-webobjects-remote-host $remote_addr;
    proxy_set_header x-webobjects-server-name $server_name;
    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
    proxy_set_header x-webobjects-server-port $server_port;
    client_body_buffer_size 128k;
    client_max_body_size 100m;
  }

  location ^~ /SOGo {
    proxy_pass http://172.22.1.252:20000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
    proxy_set_header x-webobjects-remote-host $remote_addr;
    proxy_set_header x-webobjects-server-name $server_name;
    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
    proxy_set_header x-webobjects-server-port $server_port;
    client_body_buffer_size 128k;
    client_max_body_size 100m;
    break;
  }

  location /SOGo.woa/WebServerResources/ {
    proxy_pass http://172.22.1.252:9192/WebServerResources/;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
  }

  location /.woa/WebServerResources/ {
    proxy_pass http://172.22.1.252:9192/WebServerResources/;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
  }

  location /SOGo/WebServerResources/ {
    proxy_pass http://172.22.1.252:9192/WebServerResources/;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
  }

  # regex location: the two capture groups are required by the $1/$2 references below
  location ~ ^/SOGo/so/ControlPanel/Products/([^/]*UI)/Resources/(.*\.(jpg|png|gif|css|js))$ {
    proxy_pass http://172.22.1.252:9192/$1.SOGo/Resources/$2;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
  }
}
server {
  include /etc/nginx/conf.d/listen_plain.active;
  include /etc/nginx/mime.types;
  charset utf-8;
  override_charset on;
  index index.php index.html;
  include /etc/nginx/conf.d/server_name.active;
  error_log  /var/log/nginx/error.log;
  access_log /var/log/nginx/access.log;
  absolute_redirect off;
  root /web;

  location ~ ^/api/v1/(.*)$ {
    try_files $uri $uri/ /json_api.php?query=$1;
  }

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }

  # If behind reverse proxy, forwards the correct IP
  set_real_ip_from 172.22.1.1;
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
  rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;

  location ^~ /principals {
    return 301 /SOGo/dav;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9000;
    fastcgi_index index.php;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PHP_VALUE "max_execution_time = 1200
                             max_input_time = 1200
                             memory_limit = 64M";
    fastcgi_read_timeout 1200;
  }

  location /rspamd/ {
    proxy_pass       http://172.22.1.253:11334/;
    proxy_set_header Host      $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
  }

  location ~* ^/Autodiscover/Autodiscover.xml {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9000;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files /autodiscover.php =404;
  }

  location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass phpfpm:9000;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files /autoconfig.php =404;
  }

  location ^~ /Microsoft-Server-ActiveSync {
    proxy_pass http://172.22.1.252:20000/SOGo/Microsoft-Server-ActiveSync;
    proxy_connect_timeout 1000;
    proxy_next_upstream timeout error;
    proxy_send_timeout 1000;
    proxy_read_timeout 1000;
    proxy_buffer_size 8k;
    proxy_buffers 4 32k;
    proxy_temp_file_write_size 64k;
    proxy_busy_buffers_size 64k;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
    proxy_set_header x-webobjects-remote-host $remote_addr;
    proxy_set_header x-webobjects-server-name $server_name;
    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
    proxy_set_header x-webobjects-server-port $server_port;
    client_body_buffer_size 128k;
    client_max_body_size 100m;
  }

  location ^~ /SOGo {
    proxy_pass http://172.22.1.252:20000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
    proxy_set_header x-webobjects-remote-host $remote_addr;
    proxy_set_header x-webobjects-server-name $server_name;
    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
    proxy_set_header x-webobjects-server-port $server_port;
    client_body_buffer_size 128k;
    client_max_body_size 100m;
    break;
  }

  location /SOGo.woa/WebServerResources/ {
    proxy_pass http://172.22.1.252:9192/WebServerResources/;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
  }

  location /.woa/WebServerResources/ {
    proxy_pass http://172.22.1.252:9192/WebServerResources/;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
  }

  location /SOGo/WebServerResources/ {
    proxy_pass http://172.22.1.252:9192/WebServerResources/;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
  }

  # regex location: the two capture groups are required by the $1/$2 references below
  location ~ ^/SOGo/so/ControlPanel/Products/([^/]*UI)/Resources/(.*\.(jpg|png|gif|css|js))$ {
    proxy_pass http://172.22.1.252:9192/$1.SOGo/Resources/$2;
    proxy_set_header Host $http_host;
    proxy_cache sogo;
    proxy_cache_valid 200 1d;
    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
  }

}
@Dad-Ju

Dad-Ju commented Sep 5, 2017

Any errors?

@SEWADE
Author

SEWADE commented Sep 5, 2017

This is the log from acme:

admin@mail:~/mailcow-dockerized$ docker-compose logs acme-mailcow
Attaching to mailcowdockerized_acme-mailcow_1
acme-mailcow_1       | Found Let's Encrypt or mailcow snake-oil CA issued certificate with SANs: autoconfig.system-server.de autodiscover.system-server.de mail.system-server.de
acme-mailcow_1       | Found A record for autoconfig.bennedikt.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.bennedikt.de
acme-mailcow_1       | Found A record for autodiscover.bennedikt.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.bennedikt.de
acme-mailcow_1       | Found A record for autoconfig.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.system-server.de
acme-mailcow_1       | Found A record for autodiscover.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.system-server.de
acme-mailcow_1       | Found A record for autoconfig.waeltermann.eu: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.waeltermann.eu
acme-mailcow_1       | Found A record for autodiscover.waeltermann.eu: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.waeltermann.eu
acme-mailcow_1       | Found A record for mail.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record mail.system-server.de
acme-mailcow_1       | Found A record for autoconfig.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.system-server.de
acme-mailcow_1       | Found A record for autodiscover.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.system-server.de
acme-mailcow_1       | Found orphaned SAN autoconfig.bennedikt.de autoconfig.waeltermann.eu autodiscover.bennedikt.de autodiscover.waeltermann.eu in certificate, moving old files to /var/lib/acme/acme/private/2017-09-04_09_09_34.bak/, keeping key file...
acme-mailcow_1       | mv: can't rename '/var/lib/acme/acme/fullchain.pem': No such file or directory
acme-mailcow_1       | mv: can't rename '/var/lib/acme/acme/cert.pem': No such file or directory
acme-mailcow_1       | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1       | acme-client: acme-client: /var/lib/acme/acme/private/account.key: generating RSA account key
acme-mailcow_1       | adding SAN: autoconfig.system-server.de
acme-mailcow_1       | acme-client: adding SAN: autoconfig.waeltermann.eu
acme-mailcow_1       | acme-client: adding SAN: autodiscover.bennedikt.de
acme-mailcow_1       | acme-client: adding SAN: autodiscover.system-server.de
acme-mailcow_1       | acme-client: adding SAN: autodiscover.waeltermann.eu
acme-mailcow_1       | acme-client: adding SAN: mail.system-server.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1       | acme-client: acme-v01.api.letsencrypt.org: DNS: 23.77.231.123
acme-mailcow_1       | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:10:28d::3d5
acme-mailcow_1       | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:10:287::3d5
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.bennedikt.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.system-server.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.waeltermann.eu
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.bennedikt.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.system-server.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.waeltermann.eu
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.system-server.de
acme-mailcow_1       | acme-client: /var/www/acme/plXi-XGZ5CJy5xXvqWqVfO1QMhdCXE39xwvCqumXd68: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/WKBA00ihUPrqppq9TSO-xnpgVe-XNJ8SAR5wozji2JY/1908810293: challenge
acme-mailcow_1       | acme-client: /var/www/acme/VWafRigK8mXssZU6u2dHmoVYeMGNpUvaJ_62uWksX6E: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/x5KxqtqMnZ4PLT8cVfx2gjxLtyh40v_1TXHQJNvtOE4/1908810305: challenge
acme-mailcow_1       | acme-client: /var/www/acme/Yk0E5-aFJI_BKomxbZAbQIUbvhFujSYi8EAn7inIQ8s: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/OIQht4M-WsfEiaaAm_6n0TdJksKDutVlR21HJh7xkz0/1908810334: challenge
acme-mailcow_1       | acme-client: /var/www/acme/jw5r9yY6hqy_4Jl2wcmnqxMW2zoXEdvkjbmBLUHzU2A: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/hJne7f-sJ6v9Q_wlaRVAq-3oGJ-2fvBwsujQsgYRnYU/1908810369: challenge
acme-mailcow_1       | acme-client: /var/www/acme/xCL9bI48mSqDBpC3hmwYWqgaaLvD2ck-XF3xCy_JB0o: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/3ir07Izd04YeRlj9EcN5jsZY6xbNdx8wz-Gfutj9xVw/1908810401: challenge
acme-mailcow_1       | acme-client: /var/www/acme/CW4gwBg0l6MQ_48C0Ow-O-cLshSgKQ3-8baallLBlAw: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/z3sHLD3oZwvSFGkI1fbWB0sGILvHKyLK7KUVNF49NkI/1908810425: challenge
acme-mailcow_1       | acme-client: /var/www/acme/UTtGDC821EipW1NPn0QBzCNOhyjEVOJ6kXVRYBio7Xs: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/__faRa152RyzQuxVg5_D-zin8WGcHJg3iKcKMzB-Dc8/1908810457: challenge
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/WKBA00ihUPrqppq9TSO-xnpgVe-XNJ8SAR5wozji2JY/1908810293: status
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/WKBA00ihUPrqppq9TSO-xnpgVe-XNJ8SAR5wozji2JY/1908810293: bad response
acme-mailcow_1       | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://autoconfig.bennedikt.de/.well-known/acme-challenge/plXi-XGZ5CJy5xXvqWqVfO1QMhdCXE39xwvCqumXd68: Connection refused", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/WKBA00ihUPrqppq9TSO-xnpgVe-XNJ8SAR5wozji2JY/1908810293", "token": "plXi-XGZ5CJy5xXvqWqVfO1QMhdCXE39xwvCqumXd68", "keyAuthorization": "plXi-XGZ5CJy5xXvqWqVfO1QMhdCXE39xwvCqumXd68.ton3kNjRQx2OLVGmwit6RQTalnMguDVqdE_4qAd-VQw", "validationRecord": [ { "url": "http://autoconfig.bennedikt.de/.well-known/acme-challenge/plXi-XGZ5CJy5xXvqWqVfO1QMhdCXE39xwvCqumXd68", "hostname": "autoconfig.bennedikt.de", "port": "80", "addressesResolved": [ "5.45.99.3" ], "addressUsed": "5.45.99.3", "addressesTried": [] } ] }] (904 bytes)
acme-mailcow_1       | acme-client: bad exit: netproc(99): 1
acme-mailcow_1       | Verified hashes.
acme-mailcow_1       | Found Let's Encrypt or mailcow snake-oil CA issued certificate with SANs: autoconfig.system-server.de autodiscover.system-server.de mail.system-server.de
acme-mailcow_1       | Found A record for autoconfig.bennedikt.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.bennedikt.de
acme-mailcow_1       | Found A record for autodiscover.bennedikt.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.bennedikt.de
acme-mailcow_1       | Found A record for autoconfig.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.system-server.de
acme-mailcow_1       | Found A record for autodiscover.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.system-server.de
acme-mailcow_1       | Found A record for autoconfig.waeltermann.eu: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.waeltermann.eu
acme-mailcow_1       | Found A record for autodiscover.waeltermann.eu: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.waeltermann.eu
acme-mailcow_1       | Found A record for mail.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record mail.system-server.de
acme-mailcow_1       | Found A record for autoconfig.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autoconfig.system-server.de
acme-mailcow_1       | Found A record for autodiscover.system-server.de: 5.45.99.3
acme-mailcow_1       | Confirmed A record autodiscover.system-server.de
acme-mailcow_1       | Found orphaned SAN autoconfig.bennedikt.de autoconfig.waeltermann.eu autodiscover.bennedikt.de autodiscover.waeltermann.eu in certificate, moving old files to /var/lib/acme/acme/private/2017-09-04_09_09_53.bak/, keeping key file...
acme-mailcow_1       | mv: can't rename '/var/lib/acme/acme/fullchain.pem': No such file or directory
acme-mailcow_1       | mv: can't rename '/var/lib/acme/acme/cert.pem': No such file or directory
acme-mailcow_1       | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1       | acme-client: /var/lib/acme/acme/private/account.key: generating RSA account key
acme-mailcow_1       | acme-client: adding SAN: autoconfig.system-server.de
acme-mailcow_1       | acme-client: adding SAN: autoconfig.waeltermann.eu
acme-mailcow_1       | acme-client: adding SAN: autodiscover.bennedikt.de
acme-mailcow_1       | acme-client: adding SAN: autodiscover.system-server.de
acme-mailcow_1       | acme-client: adding SAN: autodiscover.waeltermann.eu
acme-mailcow_1       | acme-client: adding SAN: mail.system-server.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1       | acme-client: acme-v01.api.letsencrypt.org: DNS: 23.77.231.123
acme-mailcow_1       | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:10:28d::3d5
acme-mailcow_1       | acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:10:287::3d5
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.bennedikt.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.system-server.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.waeltermann.eu
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.bennedikt.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.system-server.de
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.waeltermann.eu
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.system-server.de
acme-mailcow_1       | acme-client: /var/www/acme/C8U-4HS86Dq_dKgI0R9G0eYv26Iv_HwLzeEuQ-AJDaE: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/PVc7vmK4znluxndbMVQogZ8REanme55Z5zNAW1ueHYs/1908811723: challenge
acme-mailcow_1       | acme-client: /var/www/acme/m8fECZqRxjc7jKGl7gz-on2pnu77vnsa66OdCLgFc_M: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/LNGr3IZACLe0z81tzVufeijAINuNZTJI7Hj7Duss8Js/1908811760: challenge
acme-mailcow_1       | acme-client: /var/www/acme/lja9uzd43i6cD_Tl7G1Nw1DezH4YJ_gy0v9zR6_OdZw: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/YfK6Q_orc0bWLkkYxJThbiSiovbixUv17wYebDRBjRI/1908811778: challenge
acme-mailcow_1       | acme-client: /var/www/acme/kga6Rnh6b1r-myyfv7Bq3HQwUbQ0IGH5PmEIVAouWaY: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/Zzf6WsoR7KXTJ9WoSuuqH-ffUDAwXltdTFl45xkVIuI/1908811807: challenge
acme-mailcow_1       | acme-client: /var/www/acme/Pcmt43X_dIf3UL6LitL4rGYVzqBLl2Tz96fhF92mHMs: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/hGhmgSC5e2C2IX6UFYjFjsUgR2ZC-Q1j4SAvKaN2dHU/1908811837: challenge
acme-mailcow_1       | acme-client: /var/www/acme/3cnUMszd5xV7yKRA2cxbgNxFpdlgj2LEpbYtLQFb2ic: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/utEt_NwC66wWddu_6TcUU4erAlfczZgVNQR8FO9mgEI/1908811881: challenge
acme-mailcow_1       | acme-client: /var/www/acme/GWv5jtQtp4-troZ6LKIKlEN-av51A9kGXRG8_HHwTE4: created
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/mWlaQ-22wXfy9oDYFL76Q1A-JehH7bKpQsnJl3UPyGQ/1908811924: challenge
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/PVc7vmK4znluxndbMVQogZ8REanme55Z5zNAW1ueHYs/1908811723: status
acme-mailcow_1       | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/PVc7vmK4znluxndbMVQogZ8REanme55Z5zNAW1ueHYs/1908811723: bad response
acme-mailcow_1       | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://autoconfig.bennedikt.de/.well-known/acme-challenge/C8U-4HS86Dq_dKgI0R9G0eYv26Iv_HwLzeEuQ-AJDaE: Connection refused", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/PVc7vmK4znluxndbMVQogZ8REanme55Z5zNAW1ueHYs/1908811723", "token": "C8U-4HS86Dq_dKgI0R9G0eYv26Iv_HwLzeEuQ-AJDaE", "keyAuthorization": "C8U-4HS86Dq_dKgI0R9G0eYv26Iv_HwLzeEuQ-AJDaE.kohHXkPQbE8g1T3d0olNamNJ3ZlTZBLGArlqRYKKN6g", "validationRecord": [ { "url": "http://autoconfig.bennedikt.de/.well-known/acme-challenge/C8U-4HS86Dq_dKgI0R9G0eYv26Iv_HwLzeEuQ-AJDaE", "hostname": "autoconfig.bennedikt.de", "port": "80", "addressesResolved": [ "5.45.99.3" ], "addressUsed": "5.45.99.3", "addressesTried": [] } ] }] (904 bytes)
acme-mailcow_1       | acme-client: bad exit: netproc(100): 1
acme-mailcow_1       | Verified hashes.

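The acme-client "transfer buffer" line above carries the validator's full error record: the hostname, the port, the address it actually connected to, and the error text ("Connection refused" here). As an added example, not code from this thread or from mailcow, the parser below pulls those records out of the log and classifies each failure; the sample log lines are constructed with placeholder names, addresses and tokens modelled on the output above.

```python
"""Classify http-01 failures from acme-client 'transfer buffer' log lines."""
from __future__ import annotations

import ipaddress
import json
import re
from dataclasses import dataclass

# acme-client prints the raw ACME challenge JSON after "transfer buffer: "
# and appends the byte count; capture only the JSON array.
TRANSFER_RE = re.compile(r"transfer buffer: (\[.*\]) \(\d+ bytes\)")


@dataclass
class ChallengeFailure:
    hostname: str
    port: str
    address_used: str
    addresses_resolved: list[str]
    error_type: str
    detail: str

    @property
    def used_ipv6(self) -> bool:
        return ipaddress.ip_address(self.address_used).version == 6

    def diagnosis(self) -> str:
        """Map the validator's error text to the most likely server-side cause."""
        text = self.detail.lower()
        where = f"{self.address_used} port {self.port}"
        if "connection refused" in text:
            why = (f"TCP connect to {where} was refused: nothing listens on port "
                   f"{self.port} at that address (for mailcow, HTTP_PORT=8080 "
                   f"leaves port 80 closed) or a firewall rejects it")
        elif "timeout" in text:
            why = f"TCP connect to {where} timed out: packets are probably being dropped"
        elif "error getting validation data" in text:
            why = (f"TCP connect to {where} succeeded but the challenge file could not "
                   f"be fetched: check the /.well-known/acme-challenge/ location, "
                   f"redirects and what is actually answering on port {self.port}")
        else:
            why = f"unclassified {self.error_type}: {self.detail}"
        if self.used_ipv6:
            why += ("; the validator picked the AAAA address, so port "
                    f"{self.port} must also be reachable over IPv6")
        return why


def parse_acme_failures(log_text: str) -> list[ChallengeFailure]:
    """Extract every invalid challenge with its validation record from the log."""
    failures: list[ChallengeFailure] = []
    for line in log_text.splitlines():
        match = TRANSFER_RE.search(line)
        if not match:
            continue
        for challenge in json.loads(match.group(1)):
            if challenge.get("status") != "invalid":
                continue
            error = challenge.get("error", {})
            for record in challenge.get("validationRecord", []):
                failures.append(ChallengeFailure(
                    hostname=record["hostname"],
                    port=str(record["port"]),
                    address_used=record["addressUsed"],
                    addresses_resolved=list(record.get("addressesResolved", [])),
                    error_type=error.get("type", ""),
                    detail=error.get("detail", ""),
                ))
    return failures


# Constructed sample lines modelled on the acme-mailcow output in this issue;
# hostnames, addresses, tokens and challenge URIs are placeholders.
SAMPLE_LOG = """\
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/CHAL1/1: bad response
acme-mailcow_1 | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://autoconfig.example.test/.well-known/acme-challenge/TOKEN1: Connection refused", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/CHAL1/1", "token": "TOKEN1", "validationRecord": [ { "url": "http://autoconfig.example.test/.well-known/acme-challenge/TOKEN1", "hostname": "autoconfig.example.test", "port": "80", "addressesResolved": [ "192.0.2.10" ], "addressUsed": "192.0.2.10", "addressesTried": [] } ] }] (700 bytes)
acme-mailcow_1 | acme-client: bad exit: netproc(99): 1
acme-mailcow_1 | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://mail.example.test/.well-known/acme-challenge/TOKEN2: Error getting validation data", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/CHAL2/2", "token": "TOKEN2", "validationRecord": [ { "url": "http://mail.example.test/.well-known/acme-challenge/TOKEN2", "hostname": "mail.example.test", "port": "80", "addressesResolved": [ "192.0.2.10", "2001:db8::10" ], "addressUsed": "2001:db8::10", "addressesTried": [] } ] }] (720 bytes)
"""

if __name__ == "__main__":
    for failure in parse_acme_failures(SAMPLE_LOG):
        print(f"{failure.hostname}: {failure.diagnosis()}")
```

To use it on a real deployment, feed it the output of `docker-compose logs acme-mailcow`.
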
@Dad-Ju

Dad-Ju commented Sep 5, 2017

The user 'Mailcow' has no permission to
/var/lib/acme/acme/*
Number 2: port 80 blocked or nothing to find; try to set the HTTP port from 8080 to 80 so it can be reached on port 80.

If this is false, correct me.

(Sorry for my bad English, I'm from Germany :D)

@SEWADE
Author

SEWADE commented Sep 5, 2017

I have also seen the "no permission to /var/lib/acme/acme/*" entry in the log, but I don't know how to resolve this.
It is not possible to change 8080 to 80, I have already tried it. After changing the port to 80 and restarting nginx, I can't reach anything, neither on port 80 nor via https.

P.S.: I have no problem with your English, mine isn't really perfect either! ;-)

@Dad-Ju

Dad-Ju commented Sep 5, 2017

Normally it's on port 80, I didn't change anything in the config and it works...
You can use 'chown -R' to the user Mailcow (I think it is named so).
Try to stop docker and change the config in mailcow.conf, the http bind to 80, and look at the proxy setup if MailcowUI is inserted.

(I have no idea about the proxy etc. xD)

@Dad-Ju

Dad-Ju commented Sep 7, 2017

Alternatively set something on port 80

@SEWADE
Author

SEWADE commented Sep 7, 2017

I have changed the /var/lib/acme/acme/* permissions, but the error is still there.
If I change the port in mailcow.conf from 8080 to 80 and restart nginx, I cannot access any website. Also not the mailcow UI on https/port 443.
I think something is incorrect in the site.conf file, but the question is exactly what.

@Dad-Ju

Dad-Ju commented Sep 7, 2017

You can try to delete the acme and nginx volumes from docker to reconfigure it

@SEWADE
Author

SEWADE commented Sep 9, 2017

I can't find an acme or nginx volume.

admin@mail:~/mailcow-dockerized$ docker volume ls
DRIVER              VOLUME NAME
local               mailcowdockerized_crypt-vol-1
local               mailcowdockerized_dkim-vol-1
local               mailcowdockerized_mysql-vol-1
local               mailcowdockerized_postfix-vol-1
local               mailcowdockerized_redis-vol-1
local               mailcowdockerized_rspamd-vol-1
local               mailcowdockerized_vmail-vol-1

@longtawan

Hi there,

I just wanted to ask if there is a solution to the issue above, because I have the same problem and absolutely no clue how to solve it.
Thanks,
Ingo

@andryyy
Contributor

andryyy commented Oct 5, 2017

It says connection refused. Maybe a firewall that blocks IPv6 forwarding?
Try from an external server (!!) to run 'curl -6 yourdomains'.

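One way to run the check andryyy suggests, as an added example that is not part of this thread or of mailcow: a preflight that resolves every A and AAAA address of each SAN and attempts the TCP connect on port 80 that the validator will make, so an IPv6 path that refuses connections, or a host that only answers on 8080, shows up before the renewal runs. The hostnames, addresses and the fake resolver/prober are constructed stand-ins so the script runs offline; a live check uses the real `resolve_all`/`probe_tcp` defaults and, as andryyy says, must run from an external host.

```python
"""Preflight an ACME http-01 validation: for each SAN, resolve every A/AAAA
address and try the TCP connect the validator will make on port 80."""
from __future__ import annotations

import socket
from typing import Callable, Iterable

Resolver = Callable[[str], list[str]]
Prober = Callable[[str, int], str]


def resolve_all(hostname: str) -> list[str]:
    """Real DNS lookup: every IPv4 and IPv6 address published for hostname."""
    addresses: list[str] = []
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            for info in socket.getaddrinfo(hostname, 80, family, socket.SOCK_STREAM):
                if info[4][0] not in addresses:
                    addresses.append(info[4][0])
        except socket.gaierror:
            pass  # no record of this address family
    return addresses


def probe_tcp(address: str, port: int, timeout: float = 5.0) -> str:
    """Real TCP connect; returns 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"


def preflight(sans: Iterable[str], port: int = 80,
              resolve: Resolver = resolve_all,
              probe: Prober = probe_tcp) -> dict[str, list[str]]:
    """Return, per SAN, the reasons an http-01 validation would fail (empty = fine).

    Every published address is probed: a validator may pick the AAAA address,
    so one unreachable family is enough to fail the challenge."""
    report: dict[str, list[str]] = {}
    for name in sans:
        issues: list[str] = []
        addresses = resolve(name)
        if not addresses:
            issues.append("no A or AAAA record")
        for ip in addresses:
            state = probe(ip, port)
            if state != "open":
                family = "IPv6 (AAAA)" if ":" in ip else "IPv4 (A)"
                issues.append(f"{family} {ip} port {port}: {state}")
        report[name] = issues
    return report


# Constructed offline stand-ins mirroring the situations in this thread:
# one name whose only address refuses port 80 (nothing listening on 80),
# one with an AAAA record whose address refuses port 80, and one that is fine.
FAKE_DNS = {
    "autoconfig.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.11", "2001:db8::10"],
    "webmail.example.test": ["192.0.2.20"],
}
FAKE_PORTS = {
    ("192.0.2.10", 80): "refused",
    ("192.0.2.11", 80): "open",
    ("2001:db8::10", 80): "refused",
    ("192.0.2.20", 80): "open",
}


def fake_resolve(hostname: str) -> list[str]:
    return list(FAKE_DNS.get(hostname, []))


def fake_probe(address: str, port: int) -> str:
    return FAKE_PORTS.get((address, port), "timeout")


if __name__ == "__main__":
    for name, issues in preflight(FAKE_DNS, resolve=fake_resolve, probe=fake_probe).items():
        print(name, "OK" if not issues else "; ".join(issues))
```
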
@dixquatre

dixquatre commented Jan 11, 2018

Any fix for this error? I've got this error message when I look into my logs for acme-mailcow:

acme-mailcow_1         | Thu Jan 11 23:20:15 UTC 2018 - Found A record for mail.somewhere.ca: 22.22.33.77
acme-mailcow_1         | Thu Jan 11 23:20:15 UTC 2018 - Confirmed A record mail.somewhere.ca
acme-mailcow_1         | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1         | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1         | acme-client: adding SAN: autoconfig.somewhere.ca
acme-mailcow_1         | acme-client: adding SAN: autodiscover.somewhere.ca
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1         | acme-client: acme-v01.api.letsencrypt.org: DNS: 96.7.204.37
acme-mailcow_1         | acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:140a:0:1a7::3d5
acme-mailcow_1         | acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:140a:0:196::3d5
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.somewhere.ca
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.royfortin.ca
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.royfortin.ca
acme-mailcow_1         | acme-client: /var/www/acme/3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc: created
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571: challenge
acme-mailcow_1         | acme-client: /var/www/acme/d-FAKIFTGQ6vhOHrRLwiROAQZvckHKCG-EMiyiOwsXY: created
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/RjG3LoBxlPeZBLJBtj0mlw5kL4plk7EBf8h4W-DupZM/3059681654: challenge
acme-mailcow_1         | acme-client: /var/www/acme/-ipKkQL6KprMyIPsohwrwKn9cldurO5JLHyYOORBE58: created
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/GsdaOSWvUHq4DC80TjVrfdSAHTnzA9JFd4QzssuP72c/3059681736: challenge
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571: status
acme-mailcow_1         | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571: bad response
acme-mailcow_1         | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://mail.somewhere.ca/.well-known/acme-challenge/3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc: Error getting validation data", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571", "token": "3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc", "keyAuthorization": "3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc.ydinuoc0SKNQbeIlgoB6mWSV2OoEPhZfdpGI_pdJvlo", "validationRecord": [ { "url": "http://mail.somewhere.ca/.well-known/acme-challenge/3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc", "hostname": "mail.somewhere.ca", "port": "80", "addressesResolved": [ "22.22.33.77" ], "addressUsed": "22.22.33.77", "addressesTried": [] } ] }] (899 bytes)
acme-mailcow_1         | acme-client: bad exit: netproc(3623): 1
acme-mailcow_1         | Thu Jan 11 23:20:24 UTC 2018 - Verified hashes.
acme-mailcow_1         | Thu Jan 11 23:20:24 UTC 2018 - Retrying in 30 minutes...

I've deleted and recreated the acme-mailcow container and ran update.sh, and I still don't know what to do. Looking at the private folder, I've seen that I don't have any backup/update since mid-November 2017, and now my certificate has expired.

Any thoughts?

Thanks

Matt

@longtawan

longtawan commented Jan 12, 2018 via email

@dixquatre

Thanks for the input. I don't have any AAAA record since my provider does not provide any yet.

I'll check my other records too.

In the meantime, is there a way to manually renew the certificate? Could I install certbot locally and then move/copy the certificate to the folder?

Matt

@longtawan

longtawan commented Jan 12, 2018 via email
