mailcow-traefik-acme-adapter
An adapter to use traefik generated acme certs in mailcow.
background
traefik provides the possibility to automatically generate acme certs with letsencrypt. These certs are stored in a proprietary format (located in a file called acme.json). Sadly mailcow does not offer a native solution to import certs from that format. This adapter is designed to fill that gap. It will look for new certs in the acme.json, export them and will send them to mailcow.
how this adapter works
- A watcher on the
acme.jsonfile is created - If the
acme.jsonfile changes, all including certs will be extracted inside the container - The cert and key from the configured domain will be copied to the configured location
- All extracted certs inside the container are deleted
- The relevant services from mailcow are restarted, to load the new certs
setup with docker-compose
Add the following service inside your docker-compose.yml and replace the config values:
certdumper:
image: jovobe/mailcow-traefik-acme-adapter:latest
container_name: traefik_mailcow_cert_adapter
depends_on:
# Here should be the name of your traefik service
- name-of-traefik-service-goes-here
# Here should be mailcow services that will be restarted after cert change
- postfix-mailcow
- dovecot-mailcow
- nginx-mailcow
restart: always
volumes:
# This volume mounts the traefik root folder into the container for access
# to the `acme.json` file
- /absolute/path/to/traefik-root:/traefik:ro
# This volume mounts the mailcow ssl folder into the container. By default
# this should be in your mailcow folder under "data/assets/ssl"
- /absolute/path/to/mailcow-dockerized/data/assets/ssl:/ssl-share:rw
# This volume mounts the docker socket into the container to enable docker
# control from inside the container
- /var/run/docker.sock:/var/run/docker.sock:rw
environment:
# This variable should contain the domain with which you are running
# mailcow
- DOMAIN=your-domain-goes-here.tld