xbyte

  • Oct 27, 2022
  • Joined Jan 3, 2022
  • Post posted... wait what? You got the answer!
  • One more thing, you do not need autoconfig for all domains, only for the domain where mailcow is installed.
    The mail client parses the email string sales@my-domain.com, does a DNS request for my-domain.com for the MX record (as an example, the MX record is mail.gmx.net) and then asks autoconfig.gmx.net for the configuration.

    Hope this helps =)

  • Check my conf:
    autocomplete and autodiscover work fine
    One thing does not work, I do not know the reason, but the containers do not reload when receiving a new certificate

    version: '2.1'
    
    services:
        nginx-mailcow:
          networks:
            web:
          labels:
            - traefik.enable=true
            - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
            - traefik.http.routers.moo.tls=true
            - traefik.http.routers.moo.tls.certresolver=production
            - traefik.http.routers.moo.tls.domains[0].main=mail.server.eu # add subdomains to certificate
            - traefik.http.routers.moo.tls.domains[0].sans=autoconfig.server.eu, autodiscover.server.eu # add subdomains to certificate
            - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
            - traefik.http.routers.moo.entrypoints=websecure
            #autoconfig part
            - traefik.http.routers.moo-autoconfig.entrypoints=websecure
            - traefik.http.routers.moo-autoconfig.rule=HostRegexp(`{host:(autodiscover|autoconfig).+}`)
            - traefik.http.routers.moo-autoconfig.tls=true
            - traefik.http.routers.moo-autoconfig.tls.certresolver=production
            - traefik.docker.network=web
    
        certdumper:
            image: humenius/traefik-certs-dumper:latest
            container_name: traefik_certdumper
            network_mode: none
            command: --restart-containers mailcow_postfix-mailcow_1,mailcow_dovecot-mailcow_1,mailcow_nginx-mailcow_1
            volumes:
              - /etc/localtime:/etc/localtime:ro
              - /opt/traefik/data/ssl-certs:/traefik:ro
              - /var/run/docker.sock:/var/run/docker.sock:ro
              - ./data/assets/ssl/:/output:rw
            environment:
              - DOMAIN=${MAILCOW_HOSTNAME}
    
    networks:
      web:
        external: true
  • mark topic as resolved

  • check the logs, because the certificates from LE should be created for you automatically
    docker-compose logs acme-mailcow

    • You forgot to add a PTR (reverse DNS record).
      Go to your domain control panel and add it, and it will fix it.

    • I ran the mailcow update again and it fixed everything.
      The problem is completely solved, but I really want to understand what was wrong.

      If anyone can explain what was wrong, or at least tell me what could be wrong, I’d really appreciate it

    • After updating mailcow to the newest version I got a new error
      bash helper-scripts/expiry-dates.sh

      unable to load certificate
      140659514230080:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
      TLS expiry dates:
      Postfix: Dec 31 16:55:58 2021 GMT
      Dovecot:
      Nginx: Apr 2 21:19:08 2022 GMT
    • I have had my mailcow server up and running for a year or more with no problems.
      Now I need to add a Traefik reverse proxy.
      I’ve configured Traefik and humenius/traefik-certs-dumper.
      My mailcow UI works OK with the Traefik SSL cert, but email clients get the old, outdated cert and I can't figure out why it happened.
      And yes, I know that I need to restart the mailcow services, which looks like the simplest answer, but it didn't help.

      docker restart $(docker ps -qaf name=postfix-mailcow)
      docker restart $(docker ps -qaf name=nginx-mailcow)
      docker restart $(docker ps -qaf name=dovecot-mailcow)

      HTTP bind ports changed and Let's Encrypt skipped in mailcow.conf

      SKIP_LETS_ENCRYPT=y
      HTTP_BIND=127.0.0.1
      HTTP_PORT=8080
      HTTPS_BIND=127.0.0.1
      HTTPS_PORT=8443

      my mailcow docker-compose.override.yml

      version: '2.1'

      services:
          nginx-mailcow:
            networks:
              web:
            labels:
              - traefik.enable=true
              - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
              - traefik.http.routers.moo.tls=true
              - traefik.http.routers.moo.tls.certresolver=production
              - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
              - traefik.http.routers.moo.entrypoints=websecure
              - traefik.docker.network=web

          certdumper:
              image: humenius/traefik-certs-dumper:latest
              container_name: traefik_certdumper
              network_mode: none
              command: --restart-containers mailcow_postfix-mailcow_1,mailcow_dovecot-mailcow_1,mailcow_nginx-mailcow_1
              volumes:
                - /etc/localtime:/etc/localtime:ro
                - /opt/traefik/data/ssl-certs:/traefik:ro
                - /var/run/docker.sock:/var/run/docker.sock:ro
                - ./data/assets/ssl/:/output:rw
              environment:
                - DOMAIN=${MAILCOW_HOSTNAME}

      networks:
        web:
          external: true

      my traefik docker-compose

      version: '3'
      
      services:
        traefik:
          image: "traefik:v2.5"
          container_name: "traefik"
          networks:
            - web
          ports:
            - "80:80"
            - "443:443"
            # (Optional) Expose Dashboard
            #- "8080:8080"  # Don't do this in production!
          volumes:
            - /etc/localtime:/etc/localtime:ro
            - /opt/traefik:/opt/traefik
            - ./data/ssl-certs:/ssl-certs
            - ./data/traefik.yml:/traefik.yml:ro
            - /var/run/docker.sock:/var/run/docker.sock:ro
      
          labels:
            - "traefik.enable=true"
            - "traefik.http.routers.traefik.tls=true"
            - "traefik.http.routers.traefik.tls.certresolver=production"
            - "traefik.http.routers.traefik.rule=Host(`traefik.domain.eu`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
            - "traefik.http.routers.traefik.service=api@internal"
            - "traefik.http.routers.traefik.middlewares=auth"
            - "traefik.http.middlewares.auth.basicauth.users=admin:*****************************************"
      
      networks:
        web:
          external: true

      my traefik.yml

      global:
        checkNewVersion: true
        sendAnonymousUsage: false # true by default

      api:
        dashboard: true # true by default

      entryPoints:
        web:
          address: :80

          # (Optional) Redirect to HTTPS
          # ---
          http:
            redirections:
              entryPoint:
                to: websecure
                scheme: https

        websecure:
          address: :443

      certificatesResolvers:

        staging:
          acme:
            email: ***@gmail.com
            storage: /ssl-certs/acme.json
            caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
            httpChallenge:
              entryPoint: web
        production:
          acme:
            email: ***@gmail.com
            storage: /ssl-certs/acme.json
            caServer: "https://acme-v02.api.letsencrypt.org/directory"
            httpChallenge:
              entryPoint: web

      providers:
        file:
          filename: dynamic.yml
        #
        docker:
          exposedByDefault: false # Default is true
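
One way to see which mailcow services still present the old certificate after the dumper writes a new one (an added example, not part of the original posts): compare the SHA-256 of the leaf certificate in the dumped PEM file with what each implicit-TLS port serves. The function names and the sample bytes are assumptions made for illustration; a file without a certificate block corresponds to the "no start line" error quoted above.

```python
import hashlib
import re
import socket
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM bundle, or None when the text
    holds no certificate block (empty file, or a key written in its place)."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        return None
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()


def served_fingerprint(host, port, timeout=5.0):
    """SHA-256 of the certificate a service presents on an implicit-TLS port
    (443, 465, 993). Validation is off on purpose: an expired certificate
    must still be retrievable so that it can be compared."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def compare(pem_text, served):
    """Map each service name to 'current', 'stale' or 'unreachable'.
    `served` maps a name to a fingerprint, or None if the probe failed."""
    expected = leaf_fingerprint(pem_text)
    if expected is None:
        raise ValueError("dumped file contains no certificate block")
    return {name: "unreachable" if fp is None
            else "current" if fp == expected else "stale"
            for name, fp in served.items()}


if __name__ == "__main__":
    # Constructed stand-ins, not real certificates: nginx already serves the
    # renewed certificate while dovecot still presents the previous one.
    new = ssl.DER_cert_to_PEM_cert(b"constructed renewed cert")
    old = leaf_fingerprint(ssl.DER_cert_to_PEM_cert(b"constructed old cert"))
    print(compare(new, {"nginx:443": leaf_fingerprint(new), "dovecot:993": old}))
```

Against a live host, fill `served` with `served_fingerprint(host, port)` results and pass the contents of the PEM file the dumper wrote under `./data/assets/ssl/`; ports that use STARTTLS (25, 587, 143) need a protocol-aware probe instead.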