hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker
https://store.docker.com/community/images/hardware/mailserver
MIT License

letsencrypt SSL certificates are not being copied correctly to /tmp/ssl/normalized #391

Closed ksylvan closed 5 years ago

ksylvan commented 5 years ago

Classification

Please delete options that are not relevant.

Reproducibility

Docker information

docker info
Containers: 8
 Running: 8
 Paused: 0
 Stopped: 0
Images: 21
Server Version: 18.09.4
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-8-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.957GiB
Name: sylvan.com
ID: MZKR:RII6:53YA:MBS6:U44T:JIXH:6JOJ:ZLAY:INCF:36NZ:NCNN:SAEE
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

docker images hardware/mailserver --digests --filter "dangling=false"
REPOSITORY            TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
hardware/mailserver   1.1-latest          sha256:9dae67a39f30642942e9f40109665511f78db896f1b0e1e48ec4637878949396   e2e08ae5a00d        6 weeks ago         396MB
hardware/mailserver   <none>              sha256:a0be6d957fdcd761e6f51349a174ca17744b1525d54162b68734675a999860d2   147fd522c14e        4 months ago        380MB
hardware/mailserver   1.1-stable          sha256:86c4d9beedf8a0d6f311acc854d9ca8862231cc9d4ad0afb9f389c2053e3c221   d56ae0c7d21e        23 months ago       332MB
hardware/mailserver   1.1-beta            sha256:10bddc1541f827e8efa29447958059ef34ac20300d5a985271e2757ef4319fc4   5f828d615d1d        23 months ago       316MB
hardware/mailserver   latest              sha256:5ff8559ba758cd23f44121e64c152edded8a3370f46bff23d946b4209bdb375b   834cbdab45d6        23 months ago       235MB

Description

Briefly describe the problem you are having in a few lines.

mailserver      | [INFO] Let's encrypt live directory found
mailserver      | [INFO] Using /etc/letsencrypt/live/mail.sylvan.com folder
mailserver      | [ERROR] No keyfile found in /tmp/ssl/normalized !
mailserver      | [INFO] Setting up container
mailserver      | [INFO] Found DKIM key pair for domain sylvan.com - skip creation

The /tmp/ssl/normalized directory looks like this:

root@mail:/# ls -l /tmp/ssl/normalized/
total 4
-rwx------ 1 root root 543 Jul 30 23:43 README
lrwxrwxrwx 1 root root  40 Jul 30 23:43 cert.pem -> ../../archive/mail.sylvan.com/cert10.pem
lrwxrwxrwx 1 root root  41 Jul 30 23:43 chain.pem -> ../../archive/mail.sylvan.com/chain10.pem
lrwxrwxrwx 1 root root  45 Jul 30 23:43 fullchain.pem -> ../../archive/mail.sylvan.com/fullchain10.pem
lrwxrwxrwx 1 root root  43 Jul 30 23:43 privkey.pem -> ../../archive/mail.sylvan.com/privkey10.pem

Steps to reproduce

  1. Updated my containers
  2. Restarted the stack
  3. mailserver is not starting up correctly with the existing SSL certificates

Expected results

Startup (like all previous times) :-)

Actual results

The /tmp/ssl/normalized directory is set up with copied symlinks. Simply copying the underlying files should work.

Debugging information

See above. /tmp/ssl/normalized is set up incorrectly.

Configuration (docker-compose.yml, traefik.toml...etc)

I set up the letsencrypt directory with certbot, and then mount it like this in mailserver:

volumes:
      - /mnt/docker/mail:/var/mail
      - /mnt/docker/nginx/certs:/etc/letsencrypt
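
The failure reported above, reproduced as an added example (not part of the original issue or the project's code): certbot's relative `live/` symlinks dangle once copied as symlinks into a directory at a different depth, while a dereferencing copy yields regular files. The function names, the `mail.example.test` domain and the use of `cp -RP` / `cp -RL` are assumptions; the image's actual copy command is not shown on this page.

```shell
#!/bin/sh
# Added example: constructed certbot-style layout in a temp dir. Paths and
# file contents are placeholders, not taken from the image's startup script.

# Build <root>/letsencrypt with archive/ files and relative live/ symlinks.
make_layout() {
    root=$1 domain=$2
    mkdir -p "$root/letsencrypt/archive/$domain" "$root/letsencrypt/live/$domain"
    for name in cert chain fullchain privkey; do
        echo "constructed $name" > "$root/letsencrypt/archive/$domain/${name}10.pem"
        ln -s "../../archive/$domain/${name}10.pem" \
              "$root/letsencrypt/live/$domain/$name.pem"
    done
}

# Copy the live directory's PEM entries into dest.
# preserve: symlinks stay symlinks (cp -RP); deref: copy their targets (cp -RL).
normalize() {
    src=$1 dest=$2 mode=$3
    mkdir -p "$dest"
    case $mode in
        preserve) cp -RP "$src"/*.pem "$dest"/ ;;
        deref)    cp -RL "$src"/*.pem "$dest"/ ;;
        *) return 2 ;;
    esac
}

# Report what a startup check would find for the key file in a directory.
key_state() {
    key=$1/privkey.pem
    if [ -L "$key" ] && [ ! -e "$key" ]; then echo dangling
    elif [ -L "$key" ]; then echo symlink
    elif [ -f "$key" ]; then echo regular
    else echo missing
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_layout "$tmp" mail.example.test
    live=$tmp/letsencrypt/live/mail.example.test
    normalize "$live" "$tmp/tmp/ssl/normalized-preserve" preserve
    normalize "$live" "$tmp/tmp/ssl/normalized-deref" deref
    echo "$(key_state "$live") $(key_state "$tmp/tmp/ssl/normalized-preserve") $(key_state "$tmp/tmp/ssl/normalized-deref")"
    rm -rf "$tmp"
}

demo
```

The three words printed are the state of `privkey.pem` in the original `live/` directory, in the symlink-preserving copy, and in the dereferenced copy.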

SoerenBusse commented 5 years ago

We're having exactly the same issue here in our environment. We would really appreciate it if the pull request were merged so it will work again.

@ksylvan Have you found a workaround for this or have you built your docker image with the fix included?

sknight80 commented 5 years ago

I approved the PR. I think we can merge it.

ksylvan commented 5 years ago

> We're having exactly the same issue here in our environment. We would really appreciate it if the pull request were merged so it will work again.
>
> @ksylvan Have you found a workaround for this or have you built your docker image with the fix included?

@SoerenBusse I manually fixed my running images and just now rebuilt the images with this fix.

ksylvan commented 5 years ago

Thanks! It works again.