Hello!
I am using poste.io as my mail server in a Docker container. To acquire an HTTPS LE certificate I have 3 options:
- using the poste.io option to take the challenge (in my case it throws
  LEScript.ERROR: 500 { "type": "urn:ietf:params:acme:error:serverInternal", "detail": "Unable to update challenge", "status": 500 }
  or Verification timed out)
- manually importing certificates (private and public parts of the certificate and the intermediate certificate) via the Web GUI
- mapping keys to the Docker container from Traefik
Since I am a beginner in Traefik (it's hard for me to figure out how to properly redirect /.well-known/ to fix the problem with the first option), I want to map certificates and keys to the poste.io container, but after extracting certificates with this script I get only one certificate and one private key (I can't find the public part of the certificate).
openssl s_client says that poste.io provides Traefik's default cert (insecure).
So my question is: how can I pass the LE TLS/HTTPS keys to my mail Docker container?
Here is my docker-compose config for the poste.io container.
version: "3"
services:
  poste:
    image: "analogic/poste.io"
    container_name: "mail"
    restart: "always"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # poste.io keeps mail data, config and its TLS material under /data
      - "/pathTo/mail/data:/data"
    hostname: "mail.domain.my"
    ports:
      - '25:25'
      - '465:465'
      - '110:110'
      - '143:143'
      - '587:587'
      - '993:993'
      - '995:995'
      - '4190:4190'
    environment:
      # HTTPS=OFF disables poste.io's own HTTP->HTTPS redirect, since TLS
      # for the web UI is terminated by Traefik in front of the container
      - HTTPS=OFF
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mail.rule=Host(`mail.domain.my`)"
      - "traefik.http.routers.mail.entrypoints=secure"
      - "traefik.http.routers.mail.tls=true"
      - "traefik.http.routers.mail.tls.certresolver=le"
      # Traefik forwards to the plain-HTTP port of the container
      - "traefik.http.services.mail.loadbalancer.server.port=80"
    networks:
      - web
networks:
  web:
    external:
      name: web
My traefik.yml:
# Define HTTP and HTTPS entrypoints
entryPoints:
  insecure:
    address: ":80"
  secure:
    address: ":443"
# Dynamic configuration will come from docker labels
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    network: "web"
    exposedByDefault: false
# Enable acme with http file challenge
certificatesResolvers:
  le:
    acme:
      email: acme@domain.my
      storage: /acme.json
      httpChallenge:
        # used during the challenge; port 80 must reach Traefik
        # so /.well-known/acme-challenge/ can be answered
        entryPoint: insecure
api:
  dashboard: true
and the docker-compose file for the traefik container:
version: '3'
services:
  traefik:
    image: traefik:latest
    ports:
      - "80:80"
      - "443:443"
    networks:
      - web
    command:
      # Note: this flag enables the TLS-ALPN challenge for the same "le"
      # resolver that traefik.yml configures with httpChallenge; keep only
      # one challenge type so the static configuration is unambiguous
      - "--certificatesresolvers.le.acme.tlschallenge=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /pathTo/traefik/traefik.yml:/etc/traefik/traefik.yaml:ro
      # acme.json holds the account key and every issued certificate/key pair
      # and should be mode 600 on the host
      - /pathTo/traefik/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      # HTTP to HTTPS redirection
      - "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
      - "traefik.http.routers.http_catchall.entrypoints=insecure"
      - "traefik.http.routers.http_catchall.middlewares=https_redirect"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
      # Dashboard, served only on the TLS entrypoint
      - "traefik.http.routers.traefik.rule=Host(`domain`)"
      - "traefik.http.routers.traefik.entrypoints=secure"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=le"
networks:
  web:
    external:
      name: "web"
Thanks for any help.
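The following is an added example illustrating the third option in the post (handing Traefik's Let's Encrypt material to the poste.io container); it is not code from the poster, from Traefik or from poste.io. It relies on the Traefik v2 acme.json layout (the resolver name as top-level key, a "Certificates" list whose "certificate" field is the base64-encoded PEM chain, leaf first, and whose "key" field is the base64-encoded PEM private key). The target file names server.crt, ca.crt and server.key in the /data/ssl directory are an assumption about poste.io's custom-certificate layout and should be checked against its documentation. The acme.json content and the PEM bodies below are constructed placeholders, not real certificates.

```python
import base64
import json
import os
import tempfile
from pathlib import Path

# Constructed sample in the Traefik v2 acme.json layout (placeholder PEM bodies,
# not real certificates). A real file holds the account key as well.
LEAF_PEM = "-----BEGIN CERTIFICATE-----\nLEAFBODY\n-----END CERTIFICATE-----\n"
INTERMEDIATE_PEM = "-----BEGIN CERTIFICATE-----\nINTERMEDIATEBODY\n-----END CERTIFICATE-----\n"
KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----\nKEYBODY\n-----END RSA PRIVATE KEY-----\n"

SAMPLE_ACME_JSON = json.dumps({
    "le": {
        "Account": {"Email": "acme@domain.my"},
        "Certificates": [{
            "domain": {"main": "mail.domain.my", "sans": []},
            # Traefik stores the whole chain (leaf + intermediate) in one field
            "certificate": base64.b64encode((LEAF_PEM + INTERMEDIATE_PEM).encode()).decode(),
            "key": base64.b64encode(KEY_PEM.encode()).decode(),
            "Store": "default",
        }],
    }
})


def split_pem_chain(chain):
    """Split a concatenated PEM bundle into individual CERTIFICATE blocks."""
    blocks, current = [], []
    for line in chain.splitlines():
        if not line.strip():
            continue
        current.append(line)
        if line.startswith("-----END CERTIFICATE-----"):
            blocks.append("\n".join(current) + "\n")
            current = []
    return blocks


def extract_from_acme(acme_text, resolver, domain):
    """Return the key, leaf cert and intermediates for `domain` from acme.json text.

    Looks up the certificate by its main domain or any SAN, decodes the base64
    fields and splits the chain so the leaf and the intermediates can be written
    to separate files.
    """
    data = json.loads(acme_text)
    entries = (data.get(resolver) or {}).get("Certificates") or []
    for entry in entries:
        dom = entry.get("domain") or {}
        if dom.get("main") == domain or domain in (dom.get("sans") or []):
            chain = base64.b64decode(entry["certificate"]).decode()
            key = base64.b64decode(entry["key"]).decode()
            blocks = split_pem_chain(chain)
            if not blocks:
                raise ValueError("certificate field contained no PEM blocks")
            return {"key": key, "leaf": blocks[0], "intermediates": blocks[1:]}
    raise KeyError("no certificate for %s under resolver %r" % (domain, resolver))


def write_poste_ssl(bundle, ssl_dir):
    """Write the bundle as server.crt / ca.crt / server.key (assumed poste.io names).

    The private key is written mode 0600; the certificates are world-readable.
    Returns the sorted list of file names written.
    """
    ssl_dir = Path(ssl_dir)
    ssl_dir.mkdir(parents=True, exist_ok=True)
    files = {
        "server.crt": bundle["leaf"],
        "ca.crt": "".join(bundle["intermediates"]),
        "server.key": bundle["key"],
    }
    for name, content in files.items():
        path = ssl_dir / name
        path.write_text(content)
        os.chmod(path, 0o600 if name == "server.key" else 0o644)
    return sorted(files)


def demo():
    """Run the extraction on the constructed sample into a temporary /data/ssl."""
    bundle = extract_from_acme(SAMPLE_ACME_JSON, "le", "mail.domain.my")
    with tempfile.TemporaryDirectory() as tmp:
        written = write_poste_ssl(bundle, Path(tmp) / "data" / "ssl")
        ca_text = (Path(tmp) / "data" / "ssl" / "ca.crt").read_text()
    return {"written": written, "intermediates": len(bundle["intermediates"]),
            "leaf_ok": bundle["leaf"] == LEAF_PEM, "ca_ok": ca_text == INTERMEDIATE_PEM}


if __name__ == "__main__":
    print(demo())
```

In practice the script would read the real acme.json (as root, since it should be mode 600) and write into the host path that is bind-mounted as /data in the mail container, then be re-run after every renewal, for example from a cron job, since Traefik rewrites acme.json when it renews. Splitting the chain is what turns the single "certificate" entry into the separate leaf and intermediate files a manual import asks for.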