Diagnose certificate issues, add missing ServerAliases

2026-02-15 23:16:59 +01:00 · 2026-02-15 23:16:59 +01:00 · 1bc85803a9
commit 1bc85803a9
parent ba7e32a2a7
2 changed files with 14 additions and 14 deletions
--- a/nix-system-configs/modules/system/mail-server.nix
+++ b/nix-system-configs/modules/system/mail-server.nix
@ -121,15 +121,15 @@ in {
          hostname = "mail.prg-radio.org";
          domain = "prg-radio.org";
        };
-        acme."letsencrypt" = {
-          directory = "https://acme-v02.api.letsencrypt.org/directory";
-          challenge = "dns-01";
-          # reference the contact and secret via files under /etc/stalwart
-          contact = "%{file:/etc/stalwart/cloudflare-username}%";
-          domains = ["prg-radio.org" "mail.prg-radio.org"];
-          provider = "cloudflare";
-          secret = "%{file:/etc/stalwart/acme-secret}%";
-        };
+        #   acme."letsencrypt" = {
+        #     directory = "https://acme-v02.api.letsencrypt.org/directory";
+        #    challenge = "dns-01";
+        #   # reference the contact and secret via files under /etc/stalwart
+        #    contact = "%{file:/etc/stalwart/cloudflare-username}%";
+        #   domains = ["prg-radio.org" "mail.prg-radio.org"];
+        #   provider = "cloudflare";
+        #   secret = "%{file:/etc/stalwart/acme-secret}%";
+        #};
        session.auth = {
          mechanisms = ["plain"];
          directory = "in-memory";
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@ -371,7 +371,7 @@ in {

          # Mail HTTP (JMAP / web) - terminate TLS at Traefik and forward to Stalwart JMAP HTTP listener
          mail = {
-            rule = "Host(`mail.prg-radio.org`)";
+            rule = "Host(`mail.prg-radio.org`,`mta-sts.prg-radio.org`,`autoconfig.prg-radio.org`,`autodiscover.prg-radio.org`)";
            service = "mail-jmap";
            entryPoints = ["websecure"];
            tls = {certresolver = "acme";};
@ -379,7 +379,7 @@ in {

          # Mail web administration UI (Stalwart management) - exposed under /management
          mail-webadmin = {
-            rule = "Host(`mail.prg-radio.org`) && PathPrefix(`/management`)";
+            rule = "Host(`mail.prg-radio.org`,`mta-sts.prg-radio.org`,`autoconfig.prg-radio.org`,`autodiscover.prg-radio.org`) && PathPrefix(`/management`)";
            service = "mail-webadmin";
            entryPoints = ["websecure"];
            tls = {certresolver = "acme";};
@ -517,17 +517,17 @@ in {

          # Mail TCP services
          mail-smtp.loadBalancer = {
-                  proxyProtocol = { version = 2; }; # Add this line
+            proxyProtocol = {version = 2;}; # Add this line
            servers = [{address = "10.1.1.15:25";}];
          };

          mail-smtps.loadBalancer = {
-                  proxyProtocol = { version = 2; }; # Add this line
+            proxyProtocol = {version = 2;}; # Add this line
            servers = [{address = "10.1.1.15:465";}];
          };

          mail-imaps.loadBalancer = {
-                  proxyProtocol = { version = 2; }; # Add this line
+            proxyProtocol = {version = 2;}; # Add this line
            servers = [{address = "10.1.1.15:993";}];
          };
        };