[HELP] No Cert generated about docker-mailserver-traefik HOT 4 CLOSED

Looks like it runs now without any errors.

Thanks for your fast and kind help!

from docker-mailserver-traefik.

Hello!

Is Traefik able to generate a certificate for whoami.${DOMAIN_JS}?
You configuration seem very similar to https://github.com/youtous/docker-mailserver-traefik/blob/master/test/files/docker-compose.traefik.v2.file.yml which is used in the tests.

I think traefik is not generating any certificate due to the lack of certResolver associated to the entryPoints or to the router. Here's the Traefik configuration used in the example above, showing how to define a certResolver associated with an entrypoint

According to the Traefik documentation, certResolver can be defined on the router (https://doc.traefik.io/traefik/v2.0/routing/routers/#certresolver) as you did on the my-app service.

Could you test the following configuration for the mail service?

  mail:
    image: tvial/docker-mailserver:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAINNAME}
    container_name: ${CONTAINER_NAME}
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - ../traefik/letsencrypt/acme.json:/etc/letsencrypt/acme.json:ro
      - ../../data/mailserver/maildata:/var/mail
      - ../../data/mailserver/mailstate:/var/mail-state
      - ../../data/mailserver/maillogs:/var/log/mail
      - ../../data/mailserver/config/:/tmp/docker-mailserver/
      # ? if SELinux is enabled, uncomment the line below and comment the line above
      # - ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
    labels:
      - "mailserver-traefik.renew.domain=mail.domain.com" # tag the service
      # traefik configuration using labels, not required
      - "traefik.enable=true" # use traefik v2 for certificate generation
      - "traefik.port=443" # dummy port, required generating certs with traefik
      - "traefik.http.routers.mail.rule=Host(`mail.domain.com`)"
      - "traefik.http.routers.mail.entrypoints=https"
      - "traefik.http.routers.mail.tls=true"
      - "traefik.http.routers.mail.tls.certresolver=le"
      - "traefik.http.routers.mail.middlewares=redirect-webmail@docker" # redirect to webmail
      - "traefik.http.middlewares.redirect-webmail.redirectregex.regex=.*"
      - "traefik.http.middlewares.redirect-webmail.redirectregex.replacement=https://webmail.domain.com/"
    env_file:
      - mailserver.env
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
    restart: always
    networks:
      - internal
      - external

from docker-mailserver-traefik.

That indeed was the reason why no cert was created - thanks a lot!
The new output from logs is

[INFO] Running on a regular host.
[INFO] 1 domain(s) to watch: mail.domain.com
[INFO] Configured to automatically push existing certificates in containers every 15m (PUSH_PERIOD=15m).
[INFO] file selected as certificates source
[INFO] Traefik v2 selected as target

[INFO] certificate for mail.domain.com not yet generated, skipping push...

[INFO] certificate for mail.domain.com not yet generated, skipping push...

[INFO] certificate for mail.domain.com not yet generated, skipping push...

[INFO] Pushing mail.domain.com to 1 subscribed containers
[INFO] Pushing mail.domain.com certificate in container d5b8faff905e
[INFO] mail.domain.com - new certificate '/tmp/ssl/fullchain.pem' received on mailserver container
[INFO] mail.domain.com - Cert update: new certificate copied into container
[INFO] mail.domain.com - Cert update: restarting daemons Postfix and Dovecot
postfix: ERROR (not running)
postfix: ERROR (abnormal termination)
dovecot: stopped
dovecot: started
[INFO] mail.domain.com - ONE_DIR detected, generating copy in /var/mail/manual-ssl/{cert,key}

I'm worried about the 2 errors with postfix. Do I have to start the containers in a different order maybe? Or can this message be ignored? (I highly doubt it wwith ERROR ;))

from docker-mailserver-traefik.

Good!

Regarding the postfix error message, it can happen if the service was not running and the certificate triggered a restart (first error is due to the stop, the second indicates postfix start did not successfully completed).
Perhaps, the supervisor calls are done simultaneously with the scripts inside docker-mailserver, however, if the postfix service is still running after the trigger push of the certificate you don't have to worry about.

Please just check postfix is running without action on your side when the certificate is pushed and the certificates has been retrieved by postfix.

from docker-mailserver-traefik.