Cleaned code after live testing and improved documentation

Author: tomav

.gitignore

@@ -2,4 +2,4 @@
 docker-compose.yml
 postfix/ssl/*
 assert.sh*
-letsencrypt/
+letsencrypt/

README.md

@@ -70,19 +70,19 @@ Volumes allow to:
 
 # client configuration
 
-  # imap
-  username:         <[email protected]>
-  password:         <username1password>
-  server:           <your-server-ip-or-hostname>
-  imap port:        143 or 993 with ssl (recommended)
-  imap path prefix:   INBOX
-  auth method:      md5 challenge-response
-
-  # smtp
-  smtp port:        25 or 587 with ssl (recommended)
-  username:         <[email protected]>
-  password:         <username1password>
-  auth method:      md5 challenge-response
+    # imap
+    username:         <[email protected]>
+    password:         <username1password>
+    server:           <your-server-ip-or-hostname>
+    imap port:        143 or 993 with ssl (recommended)
+    imap path prefix:   INBOX
+    auth method:      md5 challenge-response
+
+    # smtp
+    smtp port:        25 or 587 with ssl (recommended)
+    username:         <[email protected]>
+    password:         <username1password>
+    auth method:      md5 challenge-response
 
 # todo
 

SSL.md

@@ -7,14 +7,30 @@ There are multiple options to enable SSL:
 
 ## let's encrypt
 
-To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt`.
-You also have to mount your `letsencrypt` folder to `/etc/letsencrypt`.
-
-
-
-TO BE FINISHED WHEN IT WILL BE TESTED
-
-
+To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`)
+You also have to mount your `letsencrypt` folder to `/etc/letsencrypt` and it should look like that:
+
+    ├── etc
+    │   └── letsencrypt
+    │       ├── accounts
+    │       ├── archive
+    │       │   └── mail.domain.com
+    │       │       ├── cert1.pem
+    │       │       ├── chain1.pem
+    │       │       ├── fullchain1.pem
+    │       │       └── privkey1.pem
+    │       ├── csr
+    │       ├── keys
+    │       ├── live
+    │       │   └── mail.domain.com
+    │       │       ├── cert.pem -> ../../archive/mail.domain.com/cert1.pem
+    │       │       ├── chain.pem -> ../../archive/mail.domain.com/chain1.pem
+    │       │       ├── combined.pem
+    │       │       ├── fullchain.pem -> ../../archive/mail.domain.com/fullchain1.pem
+    │       │       └── privkey.pem -> ../../archive/mail.domain.com/privkey1.pem
+    │       └── renewal
+
+You don't have anything else to do.
 
 ## self signed certificates
 

docker-compose.yml.dist

@@ -2,7 +2,7 @@ mail:
   # image: tvial/docker-mailserver
   build: .
   hostname: mail
-  domainname: my-domain.com
+  domainname: domain.com
   ports:
   - "25:25"
   - "143:143"
@@ -11,3 +11,6 @@ mail:
   volumes:
   - ./spamassassin:/tmp/spamassassin/
   - ./postfix:/tmp/postfix/
+  - ./letsencrypt/etc:/etc/letsencrypt
+  environment:
+  - DMS_SSL=letsencrypt

start-mailserver.sh

@@ -59,13 +59,6 @@ case $DMS_SSL in
   "letsencrypt" )
     # letsencrypt folders and files mounted in /etc/letsencrypt
 
-      # Adding certificates from Letsencrypt and IdenTrust
-      # curl https://letsencrypt.org/certs/isrgrootx1.pem -so /etc/ssl/certs/isrgrootx1.pem
-      # curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem
-      # curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
-      # curl https://letsencrypt.org/certs/letsencryptauthorityx1.pem -so /etc/ssl/certs/letsencryptauthorityx1.pem
-      # curl https://letsencrypt.org/certs/letsencryptauthorityx2.pem -so /etc/ssl/certs/letsencryptauthorityx2.pem
-
       # Postfix configuration
       sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf
       sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf