Thursday, March 4, 2021

Install/Activate SSL Certificate for Mailcow (Docker Mailcow)

Prerequisites
Let's Encrypt comes with mailcow out-of-the-box. Mailcow automatically requests a Let's Encrypt SSL certificate for the domain you specified as the hostname (FQDN). To view the hostname configured for your installation, follow these two steps:

cd /opt/mailcow-dockerized
sudo nano mailcow.conf

Now confirm two entries in the mailcow.conf file so that the next steps work. The first is that SKIP_LETS_ENCRYPT is set to n (no), as shown below. The second is the Fully Qualified Domain Name (FQDN), i.e. your email server name, in the MAILCOW_HOSTNAME field. In this example it is mail.example.com, and this is where the SSL certificate will be installed. You specify this name when you install mailcow. Generally, if you browse to mail.example.com and can see your mail server, you are on the right track to start the SSL installation.

SKIP_LETS_ENCRYPT=n
MAILCOW_HOSTNAME=mail.example.com

The SSL Activation / Installation process
To automatically redirect HTTP requests to HTTPS, open the Nginx configuration file using:

sudo nano /opt/mailcow-dockerized/data/conf/nginx/site.conf  

Add the following snippet to the top of this configuration file:

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  include /etc/nginx/conf.d/server_name.active;
  if ( $request_uri ~* "%0A|%0D" ) { return 403; }
  return 301 https://$host$uri$is_args$args;
}

Save the changes to this configuration file by pressing CTRL + X, then the "Y" key, then Enter. The final step is to restart Nginx:

sudo docker-compose restart nginx-mailcow  

All HTTP requests on mail.example.com will now be automatically redirected to HTTPS.

Want auto-renewal for your SSL?
Not a problem! You can force an SSL renewal:

cd /opt/mailcow-dockerized
sudo touch data/assets/ssl/force_renew
sudo docker-compose restart acme-mailcow
# Now check the logs for a renewal
sudo docker-compose logs --tail=200 -f acme-mailcow

You should see something like:

acme-mailcow_1       | Thu Mar  4 23:53:57 AST 2021 - Waiting for containers to settle...
acme-mailcow_1       | Thu Mar  4 23:54:07 AST 2021 - Certificates were successfully renewed where required, sleeping for another day.

To exit the docker-compose logs --tail=200 output, press:

Control + Z
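To confirm the result of the steps above, the following added example (not from the original post or from mailcow) checks the two mailcow.conf entries, the HTTP-to-HTTPS redirect returned by the port-80 server block, and the validity and remaining lifetime of the served certificate. The function names, the check.sh file name and the 14-day threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the mailcow HTTPS setup. Function names are
# hypothetical helpers, not part of mailcow.

# Print the value of KEY in a mailcow.conf-style file (last assignment wins).
conf_get() {  # usage: conf_get KEY FILE
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

# Succeed only if SKIP_LETS_ENCRYPT=n and MAILCOW_HOSTNAME looks like an FQDN.
conf_ok() {  # usage: conf_ok FILE
    skip=$(conf_get SKIP_LETS_ENCRYPT "$1")
    host=$(conf_get MAILCOW_HOSTNAME "$1")
    case "$skip" in
        n|N) ;;
        *) echo "SKIP_LETS_ENCRYPT='$skip', expected n" >&2; return 1 ;;
    esac
    case "$host" in
        *[!A-Za-z0-9.-]*|.*|*.|*..*|"") echo "bad MAILCOW_HOSTNAME '$host'" >&2; return 1 ;;
        *.*) ;;
        *) echo "MAILCOW_HOSTNAME '$host' is not fully qualified" >&2; return 1 ;;
    esac
}

# Read HTTP response headers on stdin; succeed on a 301 whose Location
# starts with https://HOST/ (what the port-80 server block should return).
redirect_ok() {  # usage: curl -sI http://HOST/ | redirect_ok HOST
    tr -d '\r' | awk -v host="$1" '
        NR == 1 { status = $2 }
        tolower($1) == "location:" { loc = $2 }
        END { exit !(status == "301" && index(loc, "https://" host "/") == 1) }'
}

# Succeed if the certificate served on HOST:443 stays valid for DAYS more days.
cert_valid_for() {  # usage: cert_valid_for HOST DAYS
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Live checks: needs network access plus curl and openssl on the PATH.
verify_live() {  # usage: verify_live HOST
    curl -sI "http://$1/" | redirect_ok "$1" || { echo "no 301 to HTTPS" >&2; return 1; }
    curl -sS -o /dev/null "https://$1/" || { echo "TLS validation failed" >&2; return 1; }
    cert_valid_for "$1" 14 || { echo "certificate expires within 14 days" >&2; return 1; }
}

# Run as: sh check.sh /opt/mailcow-dockerized/mailcow.conf
if [ "$#" -eq 1 ]; then
    conf_ok "$1" && verify_live "$(conf_get MAILCOW_HOSTNAME "$1")" && echo "all checks passed"
fi
```

The second curl call runs without -k, so it fails if the certificate chain or hostname does not validate.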

Note:
The purpose of this post is to help you activate your SSL certificate for mailcow on your mail.example.com. The official documentation is on the mailcow website:
https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/

https://stackoverflow.com/questions/66486321/install-activate-ssl-certificate-for-mailcow-docker-mailcow March 05, 2021 at 11:24AM
