Hello everyone,
I use mailcow with Docker and Traefik v2.
In my mailcow.conf I have configured this:
SKIP_LETS_ENCRYPT=y
ENABLE_SSL_SNI=n
To explain my config: my mailcow is available under mx.mydomain.com. On this server I will host several domains like mydomain2.de, mydomain3.org etc. All of these domains have CNAMEs like this:
autoconfig.mydomain2.de CNAME mx.mydomain.com
autodiscover.mydomain2.de CNAME mx.mydomain.com
autoconfig.mydomain3.org CNAME mx.mydomain.com
autodiscover.mydomain3.org CNAME mx.mydomain.com
Now I would like to make it possible for all domains to be set up via autoconfig/autodiscover. When I try to set up a mailbox with Thunderbird, for example, this does not work and I get an error in the Traefik log. The error message looks like this:
http: TLS handshake error from xx.xxx.xx.xx strict SNI enabled - No certificate found for domain: \"autoconfig.mydomain2.de\", closing connection"
time="2021-11-09T22:03:53Z" level=debug msg="http: TLS handshake error from xx.xxx.xx.xx strict SNI enabled - No certificate found for domain: \"autodiscover.mydomain2.de\", closing connecti
Now the question is: where is my mistake in this case? Is it mandatory to create a certificate for the subdomains autoconfig.* and autodiscover.* for each domain I create in mailcow? In an old Postfix environment I did not have to issue a certificate for each domain and solved it via an NGINX rule as follows. Why does the whole thing no longer work with mailcow?
I would not like to create separate certificates for each domain for security reasons, as then all additional domains are displayed in the certificate that is also responsible for the main domain (mx.mydomain.com).
I would like to handle the complete autoconfig / autodiscover via the main domain mx.mydomain.com without creating individual certificates for each e-mail domain.
Config from my old Postfix standalone environment:
server {
    listen 80;
    # catch every autoconfig.<domain> host on plain HTTP and send it to the one configured host
    server_name autoconfig.*;
    return 301 https://mailconfig.mydomain.de$request_uri;
}
My Traefik labels configuration looks like this. I wanted to ensure that all requests concerning autodiscover.* and autoconfig.* are correctly redirected to the main domain mx.mydomain.de and can then be processed. But this does not work. Does anyone have an idea where the error lies or what I need to change?
labels:
  # Admin / main host (HTTPS only, certificate from the tlschallenge resolver)
  - "traefik.enable=true"
  - "traefik.docker.network=traefik_network"
  - "traefik.http.routers.nginx-mailcow.entrypoints=https"
  - "traefik.http.routers.nginx-mailcow.rule=Host(`mx.mydomain.com`)"
  - "traefik.http.routers.nginx-mailcow.tls=true"
  - "traefik.http.routers.nginx-mailcow.tls.certresolver=tlschallenge"
  - "traefik.http.routers.nginx-mailcow.service=nginx-mailcow"
  - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=8181"
  # Autoconfig / autodiscover hosts (HTTP entrypoint only)
  - "traefik.http.routers.nginx-mailcow-autoconfig.entrypoints=http"
  - "traefik.http.routers.nginx-mailcow-autoconfig.rule=HostRegexp(`{host:(autodiscover|autoconfig|mail|email).+}`)"
  - "traefik.http.routers.nginx-mailcow-autoconfig.middlewares=autoconfig"
  - "traefik.http.routers.nginx-mailcow-autoconfig.service=nginx-mailcow-autoconfig"
  - "traefik.http.services.nginx-mailcow-autoconfig.loadbalancer.server.port=80"
  - "traefik.http.routers.nginx-mailcow-autoconfig.priority=1000"
  # Autoconfig middleware: redirect to the main host ($$ escapes $ for docker-compose)
  - "traefik.http.middlewares.autoconfig.redirectregex.regex=^http://autoconfig/(.*)"
  - "traefik.http.middlewares.autoconfig.redirectregex.replacement=https://mx.mydomain.com/$${1}"
Regards!
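Added example, not part of the post above and not code from mailcow or Traefik: a small Python model of the routers that the posted labels define, written to show why the https probe dies at the TLS handshake and why the http probe is never redirected. It assumes that the tlschallenge resolver obtained only the mx.mydomain.com certificate, that a mail client such as Thunderbird probes https://autoconfig.<domain>/mail/config-v1.1.xml before the http URL, and that Traefik's strict SNI lookup accepts only an exact SAN or a one-label wildcard. The regex in ROUTERS_FIXED_REDIRECT is a suggested correction, also not from the post; the probe URLs and the certificate store are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Hypothetical model of the Traefik v2 routers described by the labels in the
# post. This is not Traefik's code; it reproduces only the two facts that decide
# the outcome: with strict SNI, TLS termination needs a certificate for the SNI
# name *before* any router is consulted, and a redirectregex middleware is
# matched against the complete request URL.


@dataclass
class Router:
    name: str
    entrypoint: str                              # "http" or "https"
    host_regexp: str                             # Host()/HostRegexp() rule as a regex
    priority: int = 0
    redirect: Optional[Tuple[str, str]] = None   # (redirectregex.regex, .replacement)


# Assumption: the "tlschallenge" resolver obtained one certificate, for the Host()
# rule of the nginx-mailcow router, so the certificate store holds only this SAN set.
DEFAULT_CERT_STORE: List[Set[str]] = [{"mx.mydomain.com"}]

# Rules translated from the labels. $${1} in a compose file reaches Traefik as ${1}.
ROUTERS_AS_POSTED = [
    Router("nginx-mailcow", "https", r"mx\.mydomain\.com"),
    Router("nginx-mailcow-autoconfig", "http", r"(autodiscover|autoconfig|mail|email).+",
           priority=1000,
           redirect=(r"^http://autoconfig/(.*)", "https://mx.mydomain.com/${1}")),
]

# Same routers, but the redirect regex actually matches http://autoconfig.<domain>/...
# and http://autodiscover.<domain>/... (a suggested fix, not from the post).
ROUTERS_FIXED_REDIRECT = [
    ROUTERS_AS_POSTED[0],
    Router("nginx-mailcow-autoconfig", "http", r"(autodiscover|autoconfig|mail|email).+",
           priority=1000,
           redirect=(r"^http://(?:autoconfig|autodiscover)\.[^/]+/(.*)",
                     "https://mx.mydomain.com/${1}")),
]


def certificate_for(sni: str, cert_store: Iterable[Set[str]]) -> Optional[Set[str]]:
    """Strict-SNI lookup: exact SAN or one-label wildcard only, no default-cert fallback."""
    for sans in cert_store:
        for san in sans:
            if san == sni:
                return sans
            if san.startswith("*.") and sni.split(".", 1)[1:] == [san[2:]]:
                return sans
    return None


def handle(url: str, routers: List[Router],
           cert_store: Iterable[Set[str]] = DEFAULT_CERT_STORE) -> str:
    """Outcome of one client request against the modelled Traefik configuration."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme == "https" and certificate_for(host, cert_store) is None:
        # The line the post's Traefik log shows: the connection is closed before routing.
        return (f"TLS handshake error: strict SNI enabled - No certificate found for "
                f"domain: \"{host}\", closing connection")
    matching = [r for r in routers
                if r.entrypoint == parts.scheme and re.fullmatch(r.host_regexp, host)]
    if not matching:
        return "404 no router matched"
    router = max(matching, key=lambda r: r.priority)
    if router.redirect:
        regex, replacement = router.redirect
        m = re.match(regex, url)
        if m:
            # Traefik expands Go-style ${1}; Python spells the same group \g<1>.
            return "302 -> " + m.expand(re.sub(r"\$\{(\d+)\}", r"\\g<\1>", replacement))
        return f"no redirect ({regex!r} did not match), forwarded to {router.name}"
    return f"forwarded to {router.name}"


# Constructed probes in the assumed order a mail client tries autoconfig: https, then http.
PROBES = [
    "https://autoconfig.mydomain2.de/mail/config-v1.1.xml",
    "http://autoconfig.mydomain2.de/mail/config-v1.1.xml",
    "https://mx.mydomain.com/mail/config-v1.1.xml",
]

if __name__ == "__main__":
    for label, routers in (("as posted", ROUTERS_AS_POSTED),
                           ("fixed redirect", ROUTERS_FIXED_REDIRECT)):
        print(f"== {label}")
        for url in PROBES:
            print(f"{url}\n    {handle(url, routers)}")
    # Even with a certificate that covers the name, the https entrypoint has no
    # router for autoconfig.* hosts, so the request would still get a 404.
    print(handle(PROBES[0], ROUTERS_FIXED_REDIRECT,
                 cert_store=[{"mx.mydomain.com", "autoconfig.mydomain2.de"}]))
```

Two separate things fall out of running it. The http leg is fixable in the labels alone: the posted regex `^http://autoconfig/(.*)` only matches a host literally called `autoconfig`, while the real request URL carries `autoconfig.mydomain2.de`, so the middleware never fires and the request is forwarded instead of redirected; the corrected regex (written as `$${1}` in the compose file) produces the intended 302 to mx.mydomain.com. The https leg cannot be fixed by routing or redirects at all: a TLS client only continues if the certificate presented is valid for the name it connected to, so any HTTPS response on autoconfig.<domain> or autodiscover.<domain>, even a bare redirect, requires a certificate covering that name (a SAN per mail domain or a wildcard per mail domain), plus an https router whose rule matches those hosts; with strict SNI and no such certificate, the handshake is closed exactly as the log in the post shows.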