Avatar of Mohammed Hamada
Mohammed HamadaFlag for Portugal

asked on 

I have built Docker Mailserver but unable to connect to IMAP due to SSL error

I am working on Docker Mailserver on Ubuntu, Purchased 1 year SSL certificate and placed it in /home/ubuntu/cert path and tried to mount it in the docker-compose.yml file

The problem is when I recreate the docker image all looks like it works fine but the certificate doesn't take effect.

I checked the ssl config using "egrep cert /etc/postfix/main.cf" and also /etc/dovecot and its showing the following:

Now I am lost how should the docker-compose.yml file mount looks like? or should I do the docker mount command instead?

I am with very limited docker knowledge and would appreciate if anyone would help.
LinuxSSL / HTTPSDockerUbuntuLinux OS Dev

Avatar of undefined
Last Comment
David Favor
Avatar of David Favor
David Favor
Flag of United States of America image

Postfix == SMTP


So you'll never... effect any IMAP connection behavior... in any way, with any action at the Postfix level.

The way you'll do this...

1) Create a TLS cert, likely using https://LetsEncrypt.org + setup your cert for auto renewal + to bounce (stop/restart) your IMAP server each time cert renews.

https://www.experts-exchange.com/questions/29218434/Cluster-must-have-at-least-one-etcd-plane-host-failed-to-connect-to-the-following-etcd-host-when-rotating-certs-in-rancher.html covers initial cert generation + auto renewal + daemon restarts.

2) Then you select your IMAP server, which will almost surely be Dovecot.

3) Then you plumb your TLS cert into Dovecot.

4) Now you'll have a working IMAP server.

5) Said differently, if you've only install Postfix (SMTP), then your connection problem is no running IMAP server.
Avatar of Mohammed Hamada


Hi David, I am not sure if you're familiar with Docker but this is a ready packed Dovecot and Postfix together within the mailserver image of Docker.

I already have certificate and only thing I am doing is trying to get docker image mailserver to see the certificate. Either purchased or Letsencrypt I got both of them but even with mounting the folder of cert from host to the image I can't get the docker image to see it.

I am following these links for troubleshooting

Things I have done so far,
1- Got the mailserver container Name.
2- Mounted the folder of the certificates from host to inside the docker image (logging to the image still doesn't show any files)
3-  Recreated the image, changed docker-compose.yml settings to reflect the mounted folder.
4- Changed mailserver.env file certificate option to Manual and to letsencrypt and tried both certificates.
5- Tested the local connection with openssl to see if there's any bind certificate: openssl s_client -connect  mail.domain.com:993 

Avatar of David Favor
David Favor
Flag of United States of America image

1) There are Docker instances with both Postfix + Dovecot.

To debug these, the approach I take is to also add sshd to the container start YAML config file, as the only way to debug connections problems is to... be inside the Docker/LXD... namespace... to view connections from inside the container runtime environment.

Near impossible to understand the problem looking... into a container... from machine level, because at machine level... all commands pin to the machine namespace being used, rather than container namespace.

2) You mentioned, "even with mounting the folder of cert from host to the image I can't get the docker image to see it."

This is the common problem using Docker, rather than LXD.

With LXD you have a self-contained, bootable unit, just like a normal machine.

With Docker, you have to correctly... build up your own home brewed, hand rolled LXD file management system.

This means it's up to you to ensure the Docker data volumes you setup are readable to containers + also are passed correctly at container startup or in your YAML config file.

3) So first item to debug, install sshd into your container, then do this...

a) At machine level run this command...

inotifywait -mrq list-of-all-docker-data-volumes-referenced-by-container

Open in new window

b) Now ssh into your container.

c) Verify the passed data volumes actually show up inside the container.

If not, you must fix this in your container startup.

d) After data volumes show up (running ls under ssh into your container), simple do this...

cat /path-to-cert

Open in new window

In the inotifywait, you should see a file open + several read accesses + file close.

If not, you'll then debug your data volume ownership + permissions.
Avatar of Mohammed Hamada


Yes true, I used this command to mount the folder
sudo docker run -v /home/ubuntu/cert/:/etc/letsencrypt/live/ -d mailserver/docker-mailserver "update-ca-certificates"

It doesn't return any error, after that I use the following command to login to the container
./setup.sh debug login

Then I try to ls the content of /etc/letsencrypt/live but it returns nothing.

I tried running the command you provided but it returns a no such file or directory error
inotifywait -mrq list-of-all-docker-data-volumes-referenced-by-container
Couldn't watch list-of-all-docker-data-volumes-referenced-by-container: No such file or directory
Avatar of David Favor
David Favor
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo