Nextcloud mail certificate dns resolution

Hello,

I have configured a UCS server with Nextcloud Hub, mail server and Let's Encrypt, and I want to configure mail in Nextcloud.
I'm facing the following problem:
I can't configure mail in Nextcloud, because it can't check the certificate and gets a TLS error.
The router does not support NAT loopback, so the client behind it can't resolve the DNS of Nextcloud, so I added an entry to the hosts file, so it can resolve DNS and check the certificate as valid.
But I have no idea how to configure the Nextcloud Docker container to resolve the DNS or disable the certificate check.
Does someone have an idea or “best practice” to solve this problem?

With kind regards
Alex

I’ve been using Nextcloud on UCS for several versions at least and configured RainLoop mail client on Nextcloud and it’s working fine. I am using the UCS system as the DNS server and I haven’t had any issues.

Thanks for the quick answer.
I see what you mean. In this case I have the problem that I don't know how to add the entry “domain.net” for the mail server IP to the DNS; for names like “client.domain.net” it's working well.

Hmm… I’ve never thought to try using the top level domain for our server. It’s always been something like server.domain.com. I do have an IP entered for my top level domain in the DNS settings of the UCS system, so I don’t think you should have any issues making it resolve if you are using UCS for DNS, but I’m not sure what other issues there might be.

To do that you just edit the domain under DNS and there is a section “IP addresses” where you can add the IP.

I did not configure any mail related DNS settings on my UCS server. So mail.mydomain.de - DNS-requests must be resolved by my router, which answers with the public UCS-server address.
Then my Nextcloud mail does connect without a certificate error.

Your router is probably doing NAT-loopback which the OP said his router does not do.

I am not sure whether my FritzBox 7490 can handle NAT-loopback.

My /etc/resolv.conf:

domain mydomain.de
nameserver 192.168.xx.yy (IP of my UCS server)
nameserver 192.168.xx.1 (IP of my router)
options timeout:2

Maybe it might help
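
Added example, not part of any post in this thread: a small Python probe that can be run on the client and again in the container's environment to tell whether the TLS error comes from name resolution or from certificate validation, with verification left on. It assumes an implicit-TLS mail port (993 by default) and an environment with Python 3; `probe`, `classify` and the `addr` override are names chosen here.

```python
import socket
import ssl
import sys


def classify(exc):
    """Name the layer that failed, from the exception the probe raised."""
    if isinstance(exc, socket.gaierror):
        return "dns"  # the name did not resolve in this environment
    if isinstance(exc, ssl.SSLCertVerificationError):
        msg = (getattr(exc, "verify_message", None) or str(exc)).lower()
        # OpenSSL reports a name mismatch separately from an untrusted chain.
        return "cert-name" if "mismatch" in msg else "cert-chain"
    if isinstance(exc, ssl.SSLError):
        return "tls"  # handshake failed for a non-certificate reason
    return "connect"  # refused, unreachable or timed out


def probe(host, port=993, timeout=5.0, addr=None):
    """Resolve host, connect, and run a fully verified TLS handshake.

    addr (hypothetical parameter): connect to this IP instead of the resolved
    one, like a hosts-file entry; the certificate is still checked against host.
    """
    try:
        ip = addr or socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
        ctx = ssl.create_default_context()  # system CA store, hostname check on
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"layer": "ok", "ip": ip, "tls": tls.version()}
    except OSError as exc:
        return {"layer": classify(exc), "detail": str(exc)}


if __name__ == "__main__":
    # Usage: python3 probe.py mail.mydomain.de [port] [ip-override]
    args = sys.argv[1:]
    if args:
        port = int(args[1]) if len(args) > 1 else 993
        print(probe(args[0], port, addr=args[2] if len(args) > 2 else None))
```

A result of `dns` in one place and `ok` in the other points at the resolver configuration rather than at the certificate.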
