EnglishHello,
my mailcow watchdog sends me every day an e-mail with the warning that my certificate expired. However, I don’t use the certificate which the mailcow watchdog complains, anymore. The certificate is handled by a reverse proxy in front of the mailserver.
How can I disable the mailcow watchdog certcheck or simply remove the vcertificate the watchdog tries to check every day?
Thanks,
Thomas
I never had this happen and I also use my reverse proxy for certificates.
Even if the certificate is handled by the reverse proxy, you still need it inside mailcow. Are you sure your SMTPS/IMAPS etc. is working correctly?
Have something to say?
Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!
D4niel why should I need the certificate inside mailcow? The specific server is only reachable via WebUI and IMAP from the outside via a reverse proxy and in this case the reverse proxy handles all certificates. For receiving mails the server is not reachable from the Internet, but it collects the mails from external mailboxes. So, I think there is no need for havin the certificate on the server. Also everything works fine since months. The only issue is that the mailcow watchdog reports such certificate problem.
Any ideas?
Really no ideas here?
Did you try to disable Letsencrypt?
Advanced SSL - mailcow: dockerized documentation docs.mailcow.email
DocFraggle Yes, the option “SKIP_LETS_ENCRYPT=y” is set in my mailcow.conf, but mailcow still tries to verify the certificate.
OK, then I guess it’s not currently possible to do that. Your case is quite unusual because most (if not all) people don’t reverse-proxy their IMAP and/or SMTP service as well…
You could deactivate the watchdog completely, but then containers wouldn’t be restarted if they crash
Just noting I also have this exact problem. I have an existing Reverse Proxy and have no desire to put two of them back to back, so commenting here that I don’t think this is at all an unusual situation, people host other services and use reverse proxies to do that. Having some configuration directive to disable SSL certificates in the mallow reverse proxy would be very welcome. Assuming I’m not misunderstanding something of course.
marshalleq No, not an unusual situation at all, but it’s unusual to not copy the certificate and key from your reverse proxy to your mailcow as described here (your certificate’s source location could differ if course)
Overview - mailcow: dockerized documentation docs.mailcow.email
Or create a self signed certificate expiring in 20 years and put it there
Interesting, this is an area I’ve never really understood. I suspect this is the cause of my mail can’t send when outside the network random issue I have been having. Always thought it was certificate issue and I didn’t know I could share the same certificate on two hosts. I will have to figure this out. Thanks for the tip. This is I suspect why thn80 reverse proxied their imap and smtp to get around that. I would too if it was easier. I may just look that up…. Figuring out how to copy over and keep up to date a certificate from letsencrypt that expires every 90 days and the restarting of services sounds a lot harder.
