Shutdown mailcow from VPS and installed new to self hosted. SSL blocked

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.ossworks.com

I ran this command: new install

It produced this output: Your connection is not private

My web server is (include version): Mailcow

The operating system my web server runs on is (include version): Ubuntu 19.10

My hosting provider, if applicable, is: Me, it used to be Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): neither of those commands gives any output

OK, so I have (recently) installed mailcow on a VPS, to see if it worked… my intention was to keep it online. Well, I managed to convince my ISP to give me an additional routed IP with rDNS. So I have shut down the VPS, and installed mailcow on a self-hosted mail server.

After getting all my NATs working, and routing worked out, I ran the startup script for mailcow. Here are the logs from acme. (Please be patient with me, I am very new to Linux software, so I am very lost right now; I do have a moderate understanding of networking though…)

2/20/2020, 8:03:48 PM Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently.
2/20/2020, 8:03:48 PM Cannot validate any hostnames, skipping Let’s Encrypt for 1 hour.
2/20/2020, 8:03:48 PM Confirmed A record with IP 67.59.72.86, but HTTP validation failed
2/20/2020, 8:01:37 PM Found A record for mail.ossworks.com: 67.59.72.86
2/20/2020, 8:01:37 PM Confirmed A record with IP 67.59.72.86, but HTTP validation failed
2/20/2020, 7:59:26 PM Found A record for autoconfig.ossworks.com: 67.59.72.86
2/20/2020, 7:59:25 PM Confirmed A record with IP 67.59.72.86, but HTTP validation failed
2/20/2020, 7:57:15 PM Found A record for autodiscover.ossworks.com: 67.59.72.86
2/20/2020, 7:57:14 PM OK
2/20/2020, 7:56:55 PM Detecting IP addresses…

I am assuming that Let’s Encrypt is still pointing SSL validation to the old server that has since been shut down. How do I fix this?

Hi,

Is the IP 67.59.72.86 the one your website should be using?
It seems like it’s one IP from a private ISP (other than DigitalOcean) and resolved correctly.

Do you know what ACME client you are using?
(Are you using acme-mailcow?)

Thank you

1 Like

Hello, thank you for the quick reply!

That IP is in fact the IP that my ISP has given me; it registers with my pfSense firewall, and is routed, with rDNS configured and confirmed.

I am using acme mailcow to request the certificate.

1 Like

Hi,

I think this is a networking issue…
According to the below GitHub issue, the error message above means acme-mailcow can’t connect to itself from external interface…

This is not an issue between Let’s Encrypt server and your acme client, the script hasn’t got that far yet. (I assume they are performing a self check to make sure everything is okay, before actually attempting to get the certificate)

(The solution from the above issue falls under networking… So I hope you can figure it out… since I personally have no clue about this)

Thank you

1 Like

Hmm, I will have a look at the OS firewall, to see if it is blocking anything. Thank you for the guidance!

1 Like

Found the culprit. NAT was not fully directing HTTP back to the server… I dislike how pfSense directs traffic. Oh well, it’s working now!

2 Likes
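A triage of the acme log posted at the top of this thread, as an added example that is not part of the original posts or of mailcow's own code. It pairs each "Found A record" line with the result logged after it, showing that DNS matched for every hostname and only the HTTP check failed, which points at the path to port 80 (here, the NAT rule) rather than at DNS or Let's Encrypt. The message formats are assumed from the lines quoted in the first post; `triage` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Log lines copied from the first post (newest first, as the mailcow UI lists them).
LOG = """\
2/20/2020, 8:03:48 PM Cannot validate any hostnames, skipping for 1 hour.
2/20/2020, 8:03:48 PM Confirmed A record with IP 67.59.72.86, but HTTP validation failed
2/20/2020, 8:01:37 PM Found A record for mail.ossworks.com: 67.59.72.86
2/20/2020, 8:01:37 PM Confirmed A record with IP 67.59.72.86, but HTTP validation failed
2/20/2020, 7:59:26 PM Found A record for autoconfig.ossworks.com: 67.59.72.86
2/20/2020, 7:59:25 PM Confirmed A record with IP 67.59.72.86, but HTTP validation failed
2/20/2020, 7:57:15 PM Found A record for autodiscover.ossworks.com: 67.59.72.86
2/20/2020, 7:57:14 PM OK
"""

# Formats assumed from the quoted log, not taken from the acme-mailcow source.
LINE = re.compile(r"^(\d+/\d+/\d+, \d+:\d+:\d+ [AP]M) (.*)$")
FOUND = re.compile(r"^Found A record for (\S+): (\S+)$")
FAILED = re.compile(r"^Confirmed A record with IP (\S+), but HTTP validation failed$")

def triage(log_text):
    """Return one dict per hostname whose DNS lookup passed but HTTP check failed."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y, %I:%M:%S %p")
            events.append((ts, m.group(2)))
    # Reverse file order instead of sorting: two lines share 8:01:37 and
    # only their position says which came first.
    events.reverse()
    results, pending = [], None
    for ts, msg in events:
        found, failed = FOUND.match(msg), FAILED.match(msg)
        if found:
            pending = (found.group(1), found.group(2), ts)
        elif failed and pending:
            host, ip, started = pending
            results.append({"host": host, "ip": ip,
                            "dns_ok": failed.group(1) == ip,  # A record matched
                            "wait_s": int((ts - started).total_seconds())})
            pending = None
    return results

if __name__ == "__main__":
    for r in triage(LOG):
        print(f"{r['host']}: DNS ok={r['dns_ok']}, HTTP check failed after {r['wait_s']}s")
```

Every hostname comes back with `dns_ok` true, so the fix belongs on the inbound port 80 path (firewall or NAT forward), not in the DNS records.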
