From 6ba8648a62ee7e7c437e7d459f4113dff7662a70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Tue, 21 Apr 2020 14:04:38 +0200 Subject: [PATCH] Update firststeps-ssl.md --- docs/firststeps-ssl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/firststeps-ssl.md b/docs/firststeps-ssl.md index 5a59a3619..47bb6e0a3 100644 --- a/docs/firststeps-ssl.md +++ b/docs/firststeps-ssl.md @@ -51,7 +51,7 @@ You can skip the **IP verification** by setting `SKIP_IP_CHECK=y` in mailcow.con If you encounter problems with "HTTP validation", but your IP confirmation succeeds, you are most likely using firewalld, ufw or any other firewall, that disallows connections from `br-mailcow` to your external interface. Both firewalld and ufw disallow this by default. It is often not enough to just stop these firewall services. You'd need to stop mailcow (`docker-compose down`), stop the firewall service, flush the chains and restart Docker. -You can also skip this validation method by setting `SKIP_HTTP_VERIFICATION=y` in "mailcow.conf". Be warned that this is discouraged. Some DNS validations (like TLSA lookups) in mailcow UI will fail. +You can also skip this validation method by setting `SKIP_HTTP_VERIFICATION=y` in "mailcow.conf". Be warned that this is discouraged. In most cases, the HTTP verification is skipped to workaround unknown NAT reflection issues, which are not resolved by ignoring this specific network misconfiguration. If you encounter problems generating TLSA records in the DNS overview within mailcow, you are most likely having issues with NAT reflection you should fix. If you changed a SKIP_* parameter, run `docker-compose up -d` to apply your changes.