Multiple domain and SSL #2087

Closed
damdinsharav opened this issue Dec 12, 2018 · 4 comments

@damdinsharav

Hello. I have configured my mail server (mail.main.tld) with Let's Encrypt and it's working great.

However, when I try to access the additional domain (mail.secondary.tld), it gives me an SSL error stating that it belongs to mail.main.tld.

I have made A records for both mail.main.tld and mail.secondary.tld to the same IP address.

Also, I added

ADDITIONAL_SAN=mail.main.tld, mail.secondary.tld

How can I access mail.secondary.tld with SSL?

Thanks in advance.

@andryyy
Contributor

andryyy commented Dec 12, 2018

Hi,

ADDITIONAL_SAN=mail.main.tld,mail.secondary.tld

The white space must be removed.

After that run docker-compose up -d and check docker-compose logs -f acme-mailcow.

@damdinsharav
Author

damdinsharav commented Dec 13, 2018

Here's the log:
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:35:43 +08 2018 - Waiting for Docker API...OK
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:35:43 +08 2018 - Found Let's Encrypt or mailcow snake-oil CA issued certificate with SANs: autodiscover.secondary.tld autodiscover.main.tld mail.main.tld
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:35:44 +08 2018 - Waiting for database...
acme-mailcow_1_a66f36cc4cbb | Uptime: 782897 Threads: 20 Questions: 1197272 Slow queries: 0 Opens: 94 Flush tables: 1 Open tables: 86 Queries per second avg: 1.529
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:35:44 +08 2018 - Initializing, please wait...
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:35:44 +08 2018 - Detecting IP addresses... OK
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:04 +08 2018 - Waiting for domain table... OK
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:09 +08 2018 - Found A record for autodiscover.secondary.tld: x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:09 +08 2018 - Confirmed A record autodiscover.secondary.tld
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:09 +08 2018 - Found A record for autodiscover.main.tld: x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:09 +08 2018 - Confirmed A record autodiscover.main.tld
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - Found A record for mail.main.tld: x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - Confirmed A record x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - Found AAAA record for mail.secondary.tld: 2606:4700:30::681b:beed - skipping A record check
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - Cannot match your IP NO_IPV6_LINK against hostname mail.secondary.tld (2606:4700:0030:0000:0000:0000:681b:beed)
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1_a66f36cc4cbb | acme-client: adding SAN: autodiscover.secondary.tld
acme-mailcow_1_a66f36cc4cbb | acme-client: adding SAN: autodiscover.main.tld
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/cert.pem: certificate valid: 76 days left
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - Verified hashes.
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - Certificate was not changed
acme-mailcow_1_a66f36cc4cbb | Wed Dec 12 17:36:10 +08 2018 - ACME certificate validation done. Sleeping for another day.
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:16:48 +08 2018 - Waiting for Docker API...OK
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:16:48 +08 2018 - Found Let's Encrypt or mailcow snake-oil CA issued certificate with SANs: autodiscover.secondary.tld autodiscover.main.tld mail.main.tld
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:16:48 +08 2018 - Waiting for database...
acme-mailcow_1_a66f36cc4cbb | Uptime: 6 Threads: 28 Questions: 230 Slow queries: 0 Opens: 72 Flush tables: 1 Open tables: 64 Queries per second avg: 38.333
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:16:48 +08 2018 - Initializing, please wait...
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:16:48 +08 2018 - Detecting IP addresses... OK
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:22 +08 2018 - Waiting for domain table... OK
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:29 +08 2018 - Found A record for autodiscover.secondary.tld: x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:29 +08 2018 - Confirmed A record autodiscover.secondary.tld
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:30 +08 2018 - Found A record for autodiscover.main.tld: x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:30 +08 2018 - Confirmed A record autodiscover.main.tld
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:31 +08 2018 - Found A record for mail.main.tld x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:31 +08 2018 - Confirmed A record x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:32 +08 2018 - Found A record for mail.secondary.tld: x.231.113.7
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:32 +08 2018 - Confirmed A record x.231.113.7
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1_a66f36cc4cbb | acme-client: adding SAN: autodiscover.secondary.tld
acme-mailcow_1_a66f36cc4cbb | acme-client: adding SAN: autodiscover.main.tld
acme-mailcow_1_a66f36cc4cbb | acme-client: adding SAN: mail.secondary.tld
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/cert.pem: expanding with domain: mail.secondary.tld
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/cert.pem: certificate valid: 76 days left
acme-mailcow_1_a66f36cc4cbb | acme-client: /var/lib/acme/acme/cert.pem: forcing renewal
acme-mailcow_1_a66f36cc4cbb | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1_a66f36cc4cbb | acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm
acme-mailcow_1_a66f36cc4cbb | acme-client: bad exit: netproc(323): 1
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:37 +08 2018 - Error requesting certificate, restoring from previous acme request and restarting containers...
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:37 +08 2018 - Verified hashes.
acme-mailcow_1_a66f36cc4cbb | Reloading Nginx...
acme-mailcow_1_a66f36cc4cbb | Reloading Dovecot...
acme-mailcow_1_a66f36cc4cbb | Reloading Postfix...
acme-mailcow_1_a66f36cc4cbb | Thu Dec 13 12:17:38 +08 2018 - Retrying in 30 minutes...

I'm forcing SSL according to this guide.
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
Does it have anything to do with it?

@damdinsharav
Author

Thank you @andryyy. Removing the whitespace did the trick. I think I was having a temporary Let's Encrypt error. Now all good.
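
An added example, not part of the original thread or of mailcow's own code: a shell check for the mistake resolved above. It flags whitespace in ADDITIONAL_SAN and lists configured names absent from the "certificate with SANs:" line that acme-mailcow logs; the function names and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not mailcow code): lint ADDITIONAL_SAN and compare it with
# the SAN list that acme-mailcow logs for the certificate in use.

# Print the raw ADDITIONAL_SAN value from a mailcow.conf-style file.
san_value() {
  sed -n 's/^ADDITIONAL_SAN=//p' "$1" | tail -n 1
}

# Exit status 1 if the value has whitespace or an empty list entry.
san_lint() {
  case "$1" in
    *[[:space:]]*) echo "whitespace in ADDITIONAL_SAN"; return 1 ;;
    ,*|*,|*,,*)    echo "empty entry in ADDITIONAL_SAN"; return 1 ;;
  esac
  echo "ok"
}

# Print configured names missing from the last "certificate with SANs:" line.
# $1 = comma-separated ADDITIONAL_SAN value, $2 = saved acme-mailcow log.
missing_sans() {
  local have name
  have=$(sed -n 's/.*certificate with SANs: //p' "$2" | tail -n 1)
  for name in $(printf '%s' "$1" | tr ',' ' '); do
    case " $have " in
      *" $name "*) ;;
      *) echo "$name" ;;
    esac
  done
}

# Constructed sample input modelled on the config and log lines in this thread.
demo() {
  local dir v fixed
  dir=$(mktemp -d)
  printf 'ADDITIONAL_SAN=mail.main.tld, mail.secondary.tld\n' > "$dir/mailcow.conf"
  printf '%s\n' "acme-mailcow_1 | Found Let's Encrypt or mailcow snake-oil CA issued certificate with SANs: autodiscover.secondary.tld autodiscover.main.tld mail.main.tld" > "$dir/acme.log"
  v=$(san_value "$dir/mailcow.conf")
  echo "lint:    $(san_lint "$v")"
  fixed=$(printf '%s' "$v" | tr -d '[:space:]')
  echo "missing: $(missing_sans "$fixed" "$dir/acme.log")"
  rm -rf "$dir"
}
demo
```

On a real host, the log file can be produced by redirecting the output of docker-compose logs acme-mailcow; a name reported as missing means the served certificate does not yet cover it.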

@jiapei100

jiapei100 commented Jun 25, 2023

@damdinsharav @andryyy

Can you guys please help to take a look and give me a hand please?

  • The FIRST screenshot shows what's happening in my DigitalOcean Droplet.
    DigitalOcean_Droplet

  • The SECOND screenshot clearly told me that NO certificate is found.
    Mailcow_Dockerized

  • The THIRD screenshot is for mailcow.conf, for configuration of ADDITIONAL_SAN and ADDITIONAL_SERVER_NAMES.
    mailcow_conf

  • The FOURTH screenshot clearly told me that my second domain needs an available Certbot certificate.
    Thunderbird_Configuration

  • The FIFTH screenshot seems to tell me that my mail server's SSL is NOT the same as my second domain's SSL? Not quite sure how come and why?
    Thunderbird_SendMessageError

Can anybody please help to give me an explanation?

Thank you ...
