Issue with combined.pem from LE certificates #110

Closed
DominikTrenz opened this issue Mar 29, 2016 · 7 comments · Fixed by #111

Comments

@DominikTrenz

I had many problems getting the courier server running with LE certificates. After a while I found the problem:

The .pem files from LE are merged into "combined.pem" and when there is no newline at the end of the LE files this happens:

```
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
```

Which causes the imap server to fail.

Changing line 129 in start-mailserver.sh to:

```sh
( cat "/etc/letsencrypt/live/$(hostname)/cert.pem"; echo ""; cat "/etc/letsencrypt/live/$(hostname)/chain.pem"; echo ""; cat "/etc/letsencrypt/live/$(hostname)/privkey.pem"; echo ) > "/etc/letsencrypt/live/$(hostname)/combined.pem"
```

solves the problem.
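
The failure described above, with a newline-safe way to build the combined file, as an added example that is not part of the original post or of the project's script. The helper names `combine_pem` and `has_fused_boundary` are hypothetical; unlike an unconditional `echo`, the helper adds a newline only when an input file lacks one.

```shell
#!/bin/sh
# Added example: combine_pem and has_fused_boundary are hypothetical helper
# names, not functions from start-mailserver.sh.

# Succeeds (exit 0) if any line carries non-blank text right after a PEM
# boundary marker, e.g. "-----END CERTIFICATE----------BEGIN CERTIFICATE-----".
has_fused_boundary() {
    grep -Eq -e '-----(BEGIN|END) [A-Z0-9 ]+-----[^[:space:]]' "$1"
}

# combine_pem OUT IN1 [IN2 ...]
combine_pem() {
    out=$1
    shift
    # mktemp creates the file with mode 0600, which suits a bundle that
    # contains privkey.pem; mv then replaces OUT in a single rename.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            rm -f "$tmp"
            return 1
        fi
        cat "$f" >> "$tmp"
        # $(...) strips a trailing newline, so non-empty output here means
        # the last byte of the input is not "\n" and one must be added.
        if [ -n "$(tail -c 1 "$f")" ]; then
            printf '\n' >> "$tmp"
        fi
    done
    # Refuse to install a bundle that still has a fused boundary (for
    # example one that was already present inside an input file).
    if has_fused_boundary "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
}

# Usage with the paths from the issue:
#   d="/etc/letsencrypt/live/$(hostname)"
#   combine_pem "$d/combined.pem" "$d/cert.pem" "$d/chain.pem" "$d/privkey.pem"
```
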

@tomav tomav closed this as completed Mar 29, 2016
@tomav tomav reopened this Mar 29, 2016
@tomav
Contributor

tomav commented Mar 29, 2016

Hi @DominikTrenz, do you want to submit a PR?

@chadyred

How do you create the LE certificate?

In many cases I use the /well-known URL when I have a web server running, but here that's not the case, so I don't have that possibility, and I don't know how to generate a certificate with LE for a mail server.

@DominikTrenz
Author

@tomav Maybe I will do so in the next days. Thanks for this awesome image btw :)
@chadyred I use the following docker images for automatic LE certificates:

jwilder/nginx-proxy
jrcs/letsencrypt-nginx-proxy-companion  

The proxy-companion sets up the well-known urls in nginx and renews the certificates which are shared with the email server.

@chadyred

Yes, I also use them, but to generate a certificate, jrcs/letsencrypt-nginx-proxy-companion, and Let's Encrypt in particular, needs a URL for the ACME challenge, and the mail server container is not able to do that.

My idea:

  • Create a container with nginx which could receive the /well-known link for the mail server
  • So the certificate is generated and I share it with my mail container in the /etc/letsencrypt/live folder.

@DominikTrenz
Author

The ACME challenge should be received just fine if you mounted the /usr/share/nginx/html volume from nginx in the letsencrypt container. At least it works fine with my setup. I also had to modify the letsencrypt image to generate all the necessary certificate files for the mailserver - but that has nothing to do with the ACME challenge and is a bit off-topic :)

@chadyred

Thanks for the help, I will re-open a more detailed issue if I have more problems.

@willtho89
Contributor

PR #111 fixes the problem.

For further reference: my PR in jrcs/letsencrypt-nginx-proxy-companion got merged recently. So if you use this container, like Dominik does, all you have to do is add its generated files to the mailserver. (You may need to rename key.pem to privkey.pem)

tomav added a commit that referenced this issue Mar 31, 2016
Add eol to letsencrypt provided files [Issue #110]