I have a setup with poste.io and nginx-proxy. The domain is a valid domain :)
This is my docker-compose file for poste.io:
version: '3'
volumes:
  mailserver_posteio:
services:
  mailserver:
    image: analogic/poste.io
    container_name: poste-io
    restart: always
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
    environment:
      - LETSENCRYPT_EMAIL=ssl@DOMAIN
      - LETSENCRYPT_HOST=mail.DOMAIN
      - VIRTUAL_HOST=mail.DOMAIN
      - HTTPS=OFF
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - mailserver_posteio:/data
      - ./nginx-proxy/html/.well-known:/opt/www/.well-known # this is correct path
networks:
  default:
    external:
      name: nginx-proxy
This is the configuration for nginx-proxy:
version: '3'
services:
  nginx:
    image: nginx
    restart: always
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf:/etc/nginx/conf.d
      - ./vhost:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
  dockergen:
    image: jwilder/docker-gen
    restart: always
    container_name: nginx-proxy-gen
    depends_on:
      - nginx
    command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - ./conf:/etc/nginx/conf.d
      - ./vhost:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
  letsencrypt:
    restart: always
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
      - nginx
      - dockergen
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      NGINX_DOCKER_GEN_CONTAINER: nginx-proxy-gen
    volumes:
      - ./conf:/etc/nginx/conf.d
      - ./vhost:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
networks:
  default:
    external:
      name: nginx-proxy
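Almost everything works (I can log in to the dashboard over HTTPS, and send and receive mail through Roundcube), but I cannot log in to the mail account with a mail application (such as Thunderbird).
I get an error saying that my username or password is wrong. I have checked, and the username and password are fine.
So I logged in to the poste.io container and found this in the logs: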
Oct 19 11:21:02 2d4556c1f79e dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<e4MPbJF478OC/5qI>
Oct 19 11:21:02 2d4556c1f79e dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<WUscbJF48MOC/5qI>
Oct 19 11:21:19 2d4556c1f79e dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, session=<ZYgVbZF49MOC/5qI>
Oct 19 11:21:35 2d4556c1f79e dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<4qwFbpF4+MOC/5qI>
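So I logged in to the dashboard and clicked the button to obtain a TLS certificate. After that, I can see the following in the log section of the dashboard: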
[2018-10-19 10:55:08] LEScript.INFO: Account already registered. Continuing.
[2018-10-19 10:55:08] LEScript.INFO: Starting certificate generation process for domains
[2018-10-19 10:55:08] LEScript.INFO: Requesting challenge for mail.DOMAIN
[2018-10-19 10:55:08] LEScript.INFO: Sending signed request to /acme/new-authz
[2018-10-19 10:55:09] LEScript.INFO: Got challenge token for mail.DOMAIN
[2018-10-19 10:55:09] LEScript.INFO: Token for mail.DOMAIN saved at /opt/www//.well-known/acme-challenge/jIWGGbQdxk5GDjpqRaZ0ZJVnJTJZFLrz1xqkV6sQV3Q and should be available at http://mail.DOMAIN/.well-known/acme-challenge/jIWGGbQdxk5GDjpqRaZ0ZJVnJTJZFLrz1xqkV6sQV3Q
[2018-10-19 10:55:09] LEScript.INFO: Sending request to challenge
[2018-10-19 10:55:09] LEScript.INFO: Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/aMXIOU7RCsAynJEYLJqKvT2WkcA_1tB7dR76yOjEh6E/8431476684
[2018-10-19 10:55:10] LEScript.INFO: Verification ended with status: valid
[2018-10-19 10:55:10] LEScript.INFO: Sending signed request to /acme/new-cert
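Posted on 2018-10-21 19:02:49
I found the solution. The solution is to use an external volume for well-known. After that, attach the external volume in Poste.io to
well-known:/opt/www/.well-known
and
well-known:/usr/share/nginx/html/.well-known
for each of the nginx containers.
After that, you can request a TLS certificate for Poste.io.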
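A triage sketch for the dovecot log lines in the question, added here as an example and not part of the original posts or of poste.io: it separates connections where the mail client rejected the server certificate (TLS alert 42 read from the peer, before any authentication attempt) from other pre-auth disconnects. The function names and verdict labels are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# TLS alert numbers (RFC 5246) that concern certificate validation.
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

LOGIN_RE = re.compile(
    r"dovecot: imap-login: [A-Za-z ]+? \(no auth attempts in \d+ secs\): "
    r".*?rip=(?P<rip>[^,\s]+)")
ALERT_RE = re.compile(r"SSL alert number (?P<num>\d+)")

# Sample input: three lines copied from the question's log.
SAMPLE_LOG = """\
Oct 19 11:21:02 2d4556c1f79e dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<e4MPbJF478OC/5qI>
Oct 19 11:21:02 2d4556c1f79e dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<WUscbJF48MOC/5qI>
Oct 19 11:21:19 2d4556c1f79e dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=130.255.154.136, lip=172.18.0.2, session=<ZYgVbZF49MOC/5qI>
"""


def classify(line):
    """Return (remote_ip, verdict) for a pre-auth imap-login close, else None.

    classify and its verdict labels are hypothetical names for this example.
    """
    m = LOGIN_RE.search(line)
    if not m:
        return None
    alert = ALERT_RE.search(line)
    if alert and "ssl3_read_bytes" in line:
        # OpenSSL reports an alert *received* from the peer via ssl3_read_bytes,
        # so here the client refused the certificate the server presented.
        num = int(alert.group("num"))
        if num in CERT_ALERTS:
            return m.group("rip"), "client_rejected_cert:" + CERT_ALERTS[num]
        return m.group("rip"), "tls_alert_from_client:%d" % num
    return m.group("rip"), "closed_before_auth"


def summarize(log_text):
    """Count occurrences of each (remote_ip, verdict) pair in a log excerpt."""
    hits = (classify(line) for line in log_text.splitlines())
    return Counter(h for h in hits if h)


if __name__ == "__main__":
    for (rip, verdict), count in summarize(SAMPLE_LOG).items():
        print(rip, verdict, count)
```

A `client_rejected_cert` verdict with no auth attempts means the credentials were never sent, so the certificate served on the mail ports is what to check, not the password.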
https://serverfault.com/questions/936292