One more thing, you do not need autoconfig for all domains, only for the domain where the mailcow installed.
Mail client parse email string sales@my-domain.com, do DNS request for my-domain.com for MX record (as example MX record is mail.gmx.net) and then ask autoconfig.gmx.net for configuration
Hope this help =)
check my conf -
autocomplete and autodiscover works fine
One thing does not work, I do not know the reason, but the containers do not reload when receiving a new certificate
version: '2.1'
services:
nginx-mailcow:
networks:
web:
labels:
- traefik.enable=true
- traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.moo.tls=true
- traefik.http.routers.moo.tls.certresolver=production
- traefik.http.routers.moo.tls.domains[0].main=mail.server.eu #addsubdomains to certificat
- traefik.http.routers.moo.tls.domains[0].sans=autoconfig.server.eu, autodiscover.server.eu #addsubdomains to certificat
- traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
- traefik.http.routers.moo.entrypoints=websecure
#autoconfig part
- traefik.http.routers.moo-autoconfig.entrypoints=websecure
- traefik.http.routers.moo-autoconfig.rule=HostRegexp(`{host:(autodiscover|autoconfig).+}`)
- traefik.http.routers.moo-autoconfig.tls=true
- traefik.http.routers.moo-autoconfig.tls.certresolver=production
- traefik.docker.network=web
certdumper:
image: humenius/traefik-certs-dumper:latest
container_name: traefik_certdumper
network_mode: none
command: --restart-containers mailcow_postfix-mailcow_1,mailcow_dovecot-mailcow_1,mailcow_nginx-mailcow_1
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/traefik/data/ssl-certs:/traefik:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/assets/ssl/:/output:rw
environment:
- DOMAIN=${MAILCOW_HOSTNAME}
networks:
web:
external: truemark topic as resolved
check the logs, because the certificates from LE should be created for you automatically
docker-compose logs acme-mailcow
u forget to add ptr(reverse dns record)
go to your domain control panel and add and it will fix it
after updating mailcow to a newest ver i got new error
bash helper-scripts/expiry-dates.sh
unable to load certificate
140659514230080:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
TLS expiry dates:
Postfix: Dec 31 16:55:58 2021 GMT
Dovecot:
Nginx: Apr 2 21:19:08 2022 GMTI have my mailcow server up and running for year or more with no problems.
Now i need add traefik reverse proxy.
I’ve configured Traefik and humenius/traefik-certs-dumper.
my mailcow UI work ok with traefik ssl cert but email clients get old outdated cert and i cant figure out why its happend.
and yes i know that i need to restart mailcow services which looks like the simplest answer but it didnt help
docker restart $(docker ps -qaf name=postfix-mailcow)
docker restart $(docker ps -qaf name=nginx-mailcow)
docker restart $(docker ps -qaf name=dovecot-mailcow)httpbind ports changed and letsencrypt skiped in mailcow.conf
SKIP_LETS_ENCRYPT=y
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_BIND=127.0.0.1
HTTPS_PORT=8443my mailcow docker-compose.override.yml
`version: '2.1'
services:
nginx-mailcow:
networks:
web:
labels:
- traefik.enable=true
- traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.moo.tls=true
- traefik.http.routers.moo.tls.certresolver=production
- traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
- traefik.http.routers.moo.entrypoints=websecure
- traefik.docker.network=web
certdumper:
image: humenius/traefik-certs-dumper:latest
container_name: traefik_certdumper
network_mode: none
command: --restart-containers mailcow_postfix-mailcow_1,mailcow_dovecot-mailcow_1,mailcow_nginx-mailcow_1
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/traefik/data/ssl-certs:/traefik:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/assets/ssl/:/output:rw
environment:
- DOMAIN=${MAILCOW_HOSTNAME}
networks:
web:
external: true`my traefik docker-compose
`version: '3'
services:
traefik:
image: "traefik:v2.5"
container_name: "traefik"
networks:
- web
ports:
- "80:80"
- "443:443"
# (Optional) Expose Dashboard
#- "8080:8080" # Don't do this in production!
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/traefik:/opt/traefik
- ./data/ssl-certs:/ssl-certs
- ./data/traefik.yml:/traefik.yml:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=production"
- "traefik.http.routers.traefik.rule=Host(`traefik.domain.eu`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=admin:*****************************************"
networks:
web:
external: truemy traefik.yml
`global:
checkNewVersion: true
sendAnonymousUsage: false # true by default
api:
dashboard: true # true by default
entryPoints:
web:
address: :80
(Optional) Redirect to HTTPS
—
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
certificatesResolvers:
staging:
acme:
email: ***@gmail.com
storage: /ssl-certs/acme.json
caServer: “https://acme-staging-v02.api.letsencrypt.org/directory”
httpChallenge:
entryPoint: web
production:
acme:
email: ***@gmail.com
storage: /ssl-certs/acme.json
caServer: “https://acme-v02.api.letsencrypt.org/directory”
httpChallenge:
entryPoint: web
providers:
file:
filename: dynamic.yml
#
docker:
exposedByDefault: false # Default is true`