Issue Description
When trying to connect a DNS provider with a domain I get the following error if the provider is assigned a different tenant than the domain (or the provider doesn’t have an associated tenant):
This item references another item that does not exist.
The same problem appears if I want to assign a ACME Provider to a domain (but the ACME provider doesn’t have an associated tenant).
Expected Behavior
It should find the referenced item, maybe print a warning that it is referencing a resource that belongs to a different tenant.
Actual Behavior
Error message: This item references another item that does not exist.
Stalwart Version
v0.16.x
Installation Method
Binary (Linux)
Database Backend
RocksDB
Blob Storage
RocksDB
Search Engine
Internal
Directory Backend
Internal
I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.
on
I have searched this support forum (open and closed topics) and confirm this is not a duplicate.
on
I understand that topics in this category are triaged by a bot first but a human reply will follow up. If I’d prefer a human-only reply, I’ll add the no-ai tag to my topic.
on
Let me research how Stalwart handles tenant-scoped references for DNS and ACME providers.
This is very helpful. The source code confirms the root cause clearly. The registry write logic explicitly checks that a referenced foreign object (like a DNS provider or ACME provider) not only exists, but also belongs to the same tenant as the item being created/updated. If the tenant IDs don’t match – or the referenced object has no tenant while the domain does (or vice versa) – it returns InvalidForeignKey, which surfaces in the WebUI as “This item references another item that does not exist.”
This is by design: the multi-tenancy isolation model in Stalwart enforces that cross-tenant references are not permitted. The check at the server level (OBJ_FILTER_TENANT) means a domain belonging to Tenant A cannot reference a DNS provider or ACME provider that belongs to Tenant B (or to no tenant at all).
The workaround is to ensure that your DNS providers and ACME providers are either:
- Assigned to the same tenant as the domain that references them, or
- Left without a tenant assignment if the domain also has no tenant (i.e., both are at the global/admin level).
There is currently no “shared provider” concept that allows a single DNS/ACME provider to be referenced across multiple tenants. If your setup requires a shared provider to be used by multiple tenants, you would need to create a separate DNS/ACME provider object per tenant, each assigned to its respective tenant.
See the Tenants documentation for the general model of tenant isolation.
This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong.
Thanks. Then something like a global checkbox for example for the ACME provider would be nice to add one that is available for all tenants.
Additionally a custom name for the ACME provider is necessary since only the URL is displayed in the select boxes, and if you have multiple providers (for multiple tenants) all have the same name.
Please also show the custom name of the DNS provider instead or additionally to the type.