hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker
https://store.docker.com/community/images/hardware/mailserver
MIT License

No certificate generation #318

Closed hub2rock closed 6 years ago

hub2rock commented 6 years ago

Docker information

docker info
Containers: 6
 Running: 5
 Paused: 0
 Stopped: 1
Images: 6
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-8-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.957GiB
Name: mail
ID: KGG2:MYF6:EJ4C:GEKJ:DVEM:A2AN:QUAN:KF5L:VEEK:HB3P:UXGN:WHBJ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
docker images hardware/mailserver --digests --filter "dangling=false"
REPOSITORY            TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
hardware/mailserver   1.1-stable          sha256:e56eb759a61b483924708c1eb5fb81d5aa32191ef420c197e7313cc1b0137364   a4f7ef1fb6d3        4 days ago          379MB

Description

I got this error:

[INFO] Traefik SSL certificates not used
[INFO] Let's encrypt live directory found
[INFO] Using /etc/letsencrypt/live/mail.domain.fr folder
[ERROR] No keyfile found in /etc/letsencrypt/live/mail.domain.fr !

Expected results

Generated certificate in the letsencrypt path

Actual results

Folder empty

Debugging information

docker logs mailserver
[INFO] Search for SSL certificates generated by Traefik
[ERROR] The certificate for mail.2rock.fr or the private key was not found !
[INFO] Don't forget to add a new traefik frontend rule to generate a certificate for mail.2rock.fr subdomain
[INFO] Look /mnt/docker/traefik/acme/dump.log and 'docker logs traefik' for more information
[INFO] Search for SSL certificates generated by Traefik
jq: error: Could not open file /etc/letsencrypt/acme/acme.json: No such file or directory
[ERROR] The certificate for mail.2rock.fr or the private key was not found !
[INFO] Traefik SSL certificates not used
[INFO] Let's encrypt live directory found
[INFO] Using /etc/letsencrypt/live/mail.2rock.fr folder
[ERROR] No keyfile found in /etc/letsencrypt/live/mail.2rock.fr !

Configuration (docker-compose.yml, traefik.toml...etc)

docker-compose.yml
version: "3"

# IPv4 only
# docker network create http_network

# IPv4/IPv6 network
# docker network create http_network --ipv6 --subnet "fd00:0000:0000:0000::/64"
# Refer to https://github.com/hardware/mailserver/#ipv6-support for more information.

networks:
  http_network:
    external: true
  mail_network:
    external: false

services:
  traefik:
    image: traefik:1.7-alpine
    container_name: traefik
    restart: ${RESTART_MODE}
    ports:
      - "80:80"
      - "443:443"
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:mail.${MAILSERVER_DOMAIN}
      - traefik.port=8080
      - traefik.docker.network=http_network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${VOLUMES_ROOT_PATH}/traefik/traefik.toml:/traefik.toml:ro
      - ${VOLUMES_ROOT_PATH}/traefik/acme.json:/acme.json
    networks:
      - http_network

  mailserver:
    image: hardware/mailserver:${MAILSERVER_DOCKER_TAG}
    container_name: mailserver
    restart: ${RESTART_MODE}
    domainname: ${MAILSERVER_DOMAIN}                    # Mail server A/MX/FQDN & reverse PTR = mail.domain.tld.
    hostname: ${MAILSERVER_HOSTNAME}
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:spam.${MAILSERVER_DOMAIN}
      - traefik.port=11334
      - traefik.docker.network=http_network
    # extra_hosts:                          - Required for external database (on other server or for local databases on host without docker)
    #  - "mariadb:xx.xx.xx.xx"              - Replace with IP address of MariaDB server
    #  - "redis:xx.xx.xx.xx"                - Replace with IP address of Redis server
    ports:
      - "25:25"       # SMTP                - Required
    # - "110:110"     # POP3       STARTTLS - Optional - For webmails/desktop clients
      - "143:143"     # IMAP       STARTTLS - Optional - For webmails/desktop clients
    # - "465:465"     # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
      - "587:587"     # Submission STARTTLS - Optional - For webmails/desktop clients
      - "993:993"     # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
    # - "995:995"     # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
      - "4190:4190"   # SIEVE      STARTTLS - Optional - Recommended for mail filtering
    environment:
      - DBPASS=${DATABASE_USER_PASSWORD}       # MariaDB database password (required)
      - RSPAMD_PASSWORD=${RSPAMD_PASSWORD}     # Rspamd WebUI password (required)
      - ADD_DOMAINS=newdomain.fr      # Add additional domains separated by commas (needed for dkim keys etc.)
      - DEBUG_MODE=${DEBUG_MODE}               # Enable Postfix, Dovecot, Rspamd and Unbound verbose logging
    # - ENABLE_ENCRYPTION=true                 # Enable automatic GPG encryption of all your e-mails
    # - ENABLE_POP3=true                       # Enable POP3 protocol
    # - ENABLE_FETCHMAIL=true                  # Enable fetchmail forwarding
    # - DISABLE_RATELIMITING=false             # Enable ratelimiting policy
    # - DISABLE_CLAMAV=true                    # Disable virus scanning
    # - DISABLE_SIGNING=true                   # Disable DKIM/ARC signing
    # - DISABLE_GREYLISTING=true               # Disable greylisting policy
    #
    # Full list : https://github.com/hardware/mailserver#environment-variables
    #
    volumes:
      - ${VOLUMES_ROOT_PATH}/mail:/var/mail
      - /mnt/docker/traefik/acme:/etc/letsencrypt/acme
    depends_on:
      - mariadb
      - redis
    networks:
      - mail_network
      - http_network

  # Administration interface
  # https://github.com/hardware/postfixadmin
  # http://postfixadmin.sourceforge.net/
  # Configuration : https://github.com/hardware/mailserver/wiki/Postfixadmin-initial-configuration
  postfixadmin:
    image: hardware/postfixadmin
    container_name: postfixadmin
    restart: ${RESTART_MODE}
    domainname: ${MAILSERVER_DOMAIN}
    hostname: ${MAILSERVER_HOSTNAME}
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:postfixadmin.${MAILSERVER_DOMAIN}
      - traefik.port=8888
      - traefik.docker.network=http_network
    environment:
      - DBPASS=${DATABASE_USER_PASSWORD}
    depends_on:
      - mailserver
      - mariadb
    networks:
      - mail_network
      - http_network

  # Webmail (Optional)
  # https://github.com/hardware/rainloop
  # https://www.rainloop.net/
  # Configuration : https://github.com/hardware/mailserver/wiki/Rainloop-initial-configuration
  rainloop:
    image: hardware/rainloop
    container_name: rainloop
    restart: ${RESTART_MODE}
    labels:
      - traefik.enable=true
      - traefik.port=8888
      - traefik.frontend.rule=Host:webmail.${MAILSERVER_DOMAIN}
      - traefik.docker.network=http_network
    volumes:
      - ${VOLUMES_ROOT_PATH}/rainloop:/rainloop/data
    depends_on:
      - mailserver
      - mariadb
    networks:
      - mail_network
      - http_network

  # Alternative webmail (Optional)
  # https://github.com/hardware/afterlogic-webmail-lite
  # https://afterlogic.org/webmail-lite
  # Configuration : https://github.com/hardware/mailserver/wiki/AfterLogic-Webmail-Lite-initial-configuration
  # afterlogic-webmail-lite:
  #   image: hardware/afterlogic-webmail-lite
  #   container_name: afterlogic-webmail-lite
  #   restart: ${RESTART_MODE}
  #   labels:
  #     - traefik.enable=true
  #     - traefik.port=8888
  #     - traefik.frontend.rule=Host:webmail.${MAILSERVER_DOMAIN}
  #     - traefik.docker.network=http_network
  #   volumes:
  #     - ${VOLUMES_ROOT_PATH}/afterlogic-webmail-lite:/afterlogic-webmail-lite/data
  #   depends_on:
  #     - mailserver
  #     - mariadb
  #   networks:
  #     - mail_network
  #     - http_network

  # Authoritative DNS server (Optional)
  # https://github.com/hardware/nsd-dnssec
  # https://www.nlnetlabs.nl/projects/nsd/
  # Configuration : https://github.com/hardware/mailserver/wiki/NSD-initial-configuration
  # nsd:
  #   image: hardware/nsd-dnssec
  #   container_name: nsd
  #   restart: ${RESTART_MODE}
  #   ports:
  #     - "53:53"
  #     - "53:53/udp"
  #   volumes:
  #     - ${VOLUMES_ROOT_PATH}/nsd/conf:/etc/nsd
  #     - ${VOLUMES_ROOT_PATH}/nsd/zones:/zones
  #     - ${VOLUMES_ROOT_PATH}/nsd/db:/var/db/nsd

  # Database
  # https://github.com/docker-library/mariadb
  # https://mariadb.org/
  mariadb:
    image: mariadb:10.2
    container_name: mariadb
    restart: ${RESTART_MODE}
    # Info : These variables are ignored when the volume already exists (if databases was created before).
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=postfix
      - MYSQL_USER=postfix
      - MYSQL_PASSWORD=${DATABASE_USER_PASSWORD}
    volumes:
      - ${VOLUMES_ROOT_PATH}/mysql/db:/var/lib/mysql
    networks:
      - mail_network

  # Database
  # https://github.com/docker-library/redis
  # https://redis.io/
  redis:
    image: redis:4.0-alpine
    container_name: redis
    restart: ${RESTART_MODE}
    command: redis-server --appendonly yes
    volumes:
      - ${VOLUMES_ROOT_PATH}/redis/db:/data
    networks:
      - mail_network
.env
# This file is used to define environment variables to be used
# for variable substitution in your docker compose file.
# https://docs.docker.com/compose/env-file/

#
# MANDATORY
# /!\ if these variables are unset, the mail server will not start.
#

# Your domain name (eg. domain.tld)
MAILSERVER_DOMAIN=domain.fr

# MariaDB/PostgreSQL database password
DATABASE_USER_PASSWORD=**********
# Rspamd WebUI and controller password
RSPAMD_PASSWORD=************

#
# NOT MANDATORY
#

# Your mailserver hostname (eg. mail for mail.domain.tld)
MAILSERVER_HOSTNAME=mail

# Mailserver version
# 1.1-stable : Stable version (v1.1-stable github branch)
# 1.1-latest : Latest development build (master github branch)
# Latest development builds have been validated through
# the CI automation system but they are not meant for
# deployment in production.
# 1.1-stable and 1.1-latest are rebuilt weekly on the docker hub but if you
# have any problem with a new build you can switch to 1.1-stable-fallback
# The fallback tag is rebuilt monthly.
MAILSERVER_DOCKER_TAG=1.1-stable

# Docker volumes parent folder
VOLUMES_ROOT_PATH=/mnt/docker

# Docker containers restart mode
# https://docs.docker.com/compose/compose-file/#restart
RESTART_MODE=unless-stopped

OPENDKIM_KEY_LENGTH=2048

DEBUG_MODE=true
traefik.toml
defaultEntryPoints = ["https","http"]

[api]
entryPoint = "traefik"
dashboard = true

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
    ]
  [entryPoints.traefik]
  address = ":8080"
  [entryPoints.traefik.auth.basic]
  users = ["admin:{SHA}jLIjfQZ5yojbZGTqxg2pY0VROWQ="]

[acme]
email = "admin@2rock.fr"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
[acme.tlsChallenge]
entryPoint = "http"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "{{ DOMAIN }}"
watch = true
exposedbydefault = false
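The logs above show the order in which the container looks for a certificate: first Traefik's `acme.json` at `/etc/letsencrypt/acme/acme.json` (read with `jq`), then a Let's Encrypt `live/<fqdn>` directory, failing with "No keyfile found" when neither holds a key. Two things in the posted configuration are worth checking against that path: Traefik is given `${VOLUMES_ROOT_PATH}/traefik/acme.json` (a file, `/mnt/docker/traefik/acme.json` with the posted `.env`) as its storage, while the mailserver mounts the directory `/mnt/docker/traefik/acme` onto `/etc/letsencrypt/acme`, so the file the container opens is not the one Traefik writes; and `[acme.tlsChallenge]` in `traefik.toml` carries an `entryPoint` setting that belongs to the HTTP challenge. The script below is an added example, not code from hardware/mailserver or Traefik: it reproduces the first lookup step in Python so the failure modes in the logs (file missing, file present but empty, file present but no entry for the host) can be told apart on the host before the container is restarted. It handles the two `acme.json` layouts I recall from Traefik 1.x (`Certificates[]` with `Domain`/`Certificate`/`Key`, and the older `DomainsCertificate.Certs[]`); those field names, the sample JSON and the placeholder PEM bodies are all constructed assumptions, not data from the issue.

```python
"""Check whether a Traefik 1.x acme.json holds a certificate and key for a host.

Added example; not part of hardware/mailserver or Traefik. The two JSON
layouts handled here (pre-1.6 "DomainsCertificate.Certs" and 1.6+ "Certificates")
are assumptions from memory of Traefik 1.x, not taken from the issue.
"""
import base64
import json
import os
import tempfile

# Constructed placeholder PEM bodies, not real key material.
FAKE_CERT_PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
FAKE_KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"


def _b64(text: str) -> str:
    """Traefik stores PEM blobs base64-encoded inside the JSON."""
    return base64.b64encode(text.encode()).decode()


# Constructed sample in the Traefik 1.6+ layout (assumed field names).
SAMPLE_ACME_NEW = {
    "Account": {"Email": "admin@example.invalid"},
    "Certificates": [
        {
            "Domain": {"Main": "mail.example.invalid", "SANs": None},
            "Certificate": _b64(FAKE_CERT_PEM),
            "Key": _b64(FAKE_KEY_PEM),
        }
    ],
}

# The same certificate in the pre-1.6 layout (assumed field names).
SAMPLE_ACME_OLD = {
    "Email": "admin@example.invalid",
    "DomainsCertificate": {
        "Certs": [
            {
                "Domains": {"Main": "mail.example.invalid", "SANs": None},
                "Certificate": {
                    "Domain": "mail.example.invalid",
                    "Certificate": _b64(FAKE_CERT_PEM),
                    "PrivateKey": _b64(FAKE_KEY_PEM),
                },
            }
        ]
    },
}


def _entries(acme: dict):
    """Yield (names, cert_b64, key_b64) for every stored certificate, whatever the layout."""
    for entry in acme.get("Certificates") or []:
        dom = entry.get("Domain") or {}
        names = [dom.get("Main")] + list(dom.get("SANs") or [])
        yield names, entry.get("Certificate"), entry.get("Key")
    for entry in (acme.get("DomainsCertificate") or {}).get("Certs") or []:
        dom = entry.get("Domains") or {}
        cert = entry.get("Certificate") or {}
        names = [dom.get("Main")] + list(dom.get("SANs") or [])
        yield names, cert.get("Certificate"), cert.get("PrivateKey")


def find_certificate(acme: dict, fqdn: str):
    """Return (cert_pem, key_pem) for fqdn, or None when either half is absent."""
    for names, cert_b64, key_b64 in _entries(acme):
        if fqdn not in names:
            continue
        if not cert_b64 or not key_b64:
            return None  # entry exists but is incomplete: same outcome as "not found"
        cert = base64.b64decode(cert_b64).decode()
        key = base64.b64decode(key_b64).decode()
        if "BEGIN CERTIFICATE" not in cert or "PRIVATE KEY" not in key:
            return None
        return cert, key
    return None


def check_acme_file(path: str, fqdn: str) -> str:
    """Classify the lookup outcome; each label maps to a line seen in the issue's logs."""
    if not os.path.isfile(path):
        return "missing-file"       # jq: Could not open file ... No such file or directory
    with open(path, encoding="utf-8") as fh:
        try:
            acme = json.load(fh)
        except json.JSONDecodeError:
            return "invalid-json"   # e.g. an empty acme.json created with touch
    if not isinstance(acme, dict) or find_certificate(acme, fqdn) is None:
        return "no-certificate"     # "The certificate for <fqdn> or the private key was not found"
    return "ok"


def write_sample(acme: dict) -> str:
    """Write a constructed acme.json to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix="acme.json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(acme, fh)
    return path


if __name__ == "__main__":
    for label, sample in (("new-layout", SAMPLE_ACME_NEW), ("old-layout", SAMPLE_ACME_OLD)):
        print(label, check_acme_file(write_sample(sample), "mail.example.invalid"))
    absent = os.path.join(tempfile.gettempdir(), "does-not-exist", "acme.json")
    print("missing", check_acme_file(absent, "mail.example.invalid"))
```

Run it against the real file with the hostname the container will ask for (`mail.<MAILSERVER_DOMAIN>` with the posted `.env`): `missing-file` points at the volume mount, `invalid-json` at an `acme.json` Traefik has not yet written, and `no-certificate` at the frontend rule or challenge configuration that should have triggered issuance for that host.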