Docker-mailserver: LetsEncrypt SSL Issue

Created on 9 May 2017 · 13 Comments · Source: tomav/docker-mailserver

Hi all,

Firstly, thank you for creating this project - it was very much needed!

I seem to be having issues with the mailserver using the LetsEncrypt SSL certificate option in the docker-compose.yml file:

- SSL_TYPE=letsencrypt

When using it, I seem to get the self-signed certificates coming up even though the location of the letsencrypt certs is correct:

/etc/letsencrypt/live

Does anyone know of anything I can do to debug, or even better fix this issue?

question


All 13 comments

Did you mount your /etc/letsencrypt folder to the container?

Yep, there's a check on provided files.
@nicholasball have a look at this part of the code: https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh#L721-L745

@mabunixda I thought I was, but maybe I'm doing it wrong. Not great with compose tbh.
I have this configured at the moment:

certs:/etc/letsencrypt/live

The certificates are in the certs folder on the same level as the yml file. Does this sound correct?

Hmm, no, you must create the certs on the host before passing them to the container.

I have the certs created, placed them both in /certs/ and in the directory where the yml config file is. Maybe I'm missing something?

Did an inspect on the docker container and I get this configuration:

{ "Type": "bind", "Source": "/home/docker-mailserver/certs", "Destination": "/etc/letsencrypt/live", "Mode": "rw", "RW": true, "Propagation": "" },

And nothing from the logs indicating that the SSL certs are being used:

mail | Setting up DKIM
mail | * DKIM keys added for: XXX.com
mail | * Changing permissions on /etc/opendkim
mail | Setting up SSL
mail | Setting up PERMIT_DOCKER Option
mail | * Adding container ip in my networks

OK I got it to work. Seems as though I had an issue with the actual cert files as well as mounting them to the correct place.

Thanks all

Great!

Sorry to open this back up, but what was the solution? I am having the same issue. Can you share your compose yml?

Yes, please, share the setup.

Same problem here! Added /root/docker/letsencrypt/etc/letsencrypt:/etc/letsencrpyt to volumes in the docker-compose.yml; certs were generated on host successfully.

Can you please share the solution?!

I think I have found the solution
This:

docker run --rm -ti -v $PWD/log/:/var/log/letsencrypt/ -v $PWD/etc/:/etc/letsencrypt/ -p 443:443 deliverous/certbot certonly --standalone -d mail.myserver.tld

Must be like this:

docker run --rm -ti -v $PWD/log/:/var/log/letsencrypt/ -v $PWD/etc/letsencrypt/:/etc/letsencrypt/ -p 443:443 deliverous/certbot certonly --standalone -d mail.myserver.tld

in the wiki part ....

@k1ngf15h3r I tried your solution, but it still failed. I also mount the "- /root/docker/letsencrypt/etc/letsencrypt:/etc/letsencrpyt" volume in docker-compose.yml

When I validated the certificates, I got some issues:
docker exec mail openssl s_client -connect 0.0.0.0:25 -starttls smtp -CApath /etc/letsencrypt
s_client: Not a directory: /etc/letsencrypt
s_client: Use -help for summary.
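
A pre-flight check for the mount problems discussed in this thread, added here as an example (it is not code from the thread or from docker-mailserver): it verifies that a directory has certbot's standard layout, `live/<hostname>/fullchain.pem` and `privkey.pem`, and that those entries resolve. The function name `check_le_mount` and its return codes are made up for this example, and which files the image's own check requires is an assumption, since the page does not state it.

```sh
# Added example: verify a certbot tree before (or after) mounting it.
# check_le_mount ROOT HOST
#   ROOT  directory that should appear as /etc/letsencrypt in the container
#   HOST  mail hostname the certificate was issued for
# Returns: 0 ok, 1 ROOT missing, 2 no live/HOST, 3 file missing or dangling.
check_le_mount() {
  _root="$1"; _host="$2"
  if [ ! -d "$_root" ]; then
    echo "FAIL: $_root is not a directory (check both sides of the volume for typos)"
    return 1
  fi
  if [ ! -d "$_root/live/$_host" ]; then
    echo "FAIL: $_root/live/$_host not found (path one level off, or hostname mismatch)"
    return 2
  fi
  # certbot's standard names; live/ entries are symlinks into ../../archive/,
  # so mounting live/ alone leaves them dangling inside the container.
  for _f in fullchain.pem privkey.pem; do
    _p="$_root/live/$_host/$_f"
    if [ -L "$_p" ] && [ ! -e "$_p" ]; then
      echo "FAIL: $_p is a dangling symlink (archive/ is not mounted next to live/)"
      return 3
    elif [ ! -s "$_p" ]; then
      echo "FAIL: $_p is missing or empty"
      return 3
    fi
  done
  echo "OK: $_root/live/$_host has readable fullchain.pem and privkey.pem"
  return 0
}
```

Run it on the host against the directory on the left side of the volume entry, and again inside the container against `/etc/letsencrypt`; a pass on the host with a failure in the container points at the volume line rather than at the certificates.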
