From 07c4decf1baead5c1e28b418c36a83b8b1b5b2c3 Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Tue, 28 Apr 2026 15:57:03 +0200
Subject: [PATCH] zertifikat fix
---
 docker-compose.yml | 24 +++++++++++++++++++++++-
 mailserver.env | 6 +++---
 2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 4d479cd..a085613 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,28 @@
 services:
+ ssl-init:
+ image: alpine/openssl
+ container_name: ssl-init
+ volumes:
+ - ./docker-data/dms/ssl/:/certs/
+ entrypoint: /bin/sh
+ command: >
+ -c "if [ ! -f /certs/cert.pem ]; then
+ openssl req -x509 -nodes -days 3650 -newkey rsa:4096
+ -keyout /certs/key.pem -out /certs/cert.pem
+ -subj '/CN=mail.byte.trail'
+ -addext 'subjectAltName=DNS:mail.byte.trail,DNS:byte.trail';
+ echo '[+] Zertifikat erstellt';
+ else
+ echo '[i] Zertifikat existiert bereits';
+ fi"
+ restart: "no"
+
 mailserver:
 image: ghcr.io/docker-mailserver/docker-mailserver:latest
 container_name: mailserver
+ depends_on:
+ ssl-init:
+ condition: service_completed_successfully
 # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
 hostname: mail.byte.trail
 env_file: mailserver.env
@@ -18,6 +39,7 @@ services:
 - ./docker-data/dms/mail-state/:/var/mail-state/
 - ./docker-data/dms/mail-logs/:/var/log/mail/
 - ./docker-data/dms/config/:/tmp/docker-mailserver/
+ - ./docker-data/dms/ssl/:/tmp/dms-ssl/:ro
 - /etc/localtime:/etc/localtime:ro
 restart: always
 stop_grace_period: 1m
@@ -47,4 +69,4 @@ services:
 - mssql_data:/var/opt/mssql
 volumes:
- mssql_data:
\ No newline at end of file
+ mssql_data:
diff --git a/mailserver.env b/mailserver.env
index 7ba1c6e..4e20dcd 100644
--- a/mailserver.env
+++ b/mailserver.env
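Review bot: A failed `openssl req` in the new `ssl-init` command still leaves the container exiting with status 0, because the command is terminated by `;` and `echo '[+] Zertifikat erstellt'` runs regardless, so `condition: service_completed_successfully` lets `mailserver` start without a usable certificate. Opening the script with `-c "set -e; if [ ! -f /certs/cert.pem ] || [ ! -f /certs/key.pem ]; then` surfaces the failure and also regenerates the pair when only the key is missing. The key is written unencrypted (`-nodes`) into the bind-mounted `./docker-data/dms/ssl/`, so a `umask 077;` before `openssl req` would fix its mode explicitly rather than relying on the OpenSSL version's default, and that directory should stay out of version control. `image: alpine/openssl` has no tag or digest, so the container that creates the private key is whatever the default tag resolves to at pull time; pinning it makes key generation reproducible and reviewable.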
@@ -240,12 +240,12 @@ SMTP_ONLY=
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-SSL_TYPE=letsencrypt
+SSL_TYPE=manual
 # These are only supported with `SSL_TYPE=manual`.
 # Provide the path to your cert and key files that you've mounted access to within the container.
-SSL_CERT_PATH=
-SSL_KEY_PATH=
+SSL_CERT_PATH=/tmp/dms-ssl/cert.pem
+SSL_KEY_PATH=/tmp/dms-ssl/key.pem
 # Optional: A 2nd certificate can be supported as fallback (dual cert support), eg ECDSA with an RSA fallback.
 # Useful for additional compatibility with older MTA and MUA (eg pre-2015).
 SSL_ALT_CERT_PATH=
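Review bot: `SSL_TYPE=manual` with these two paths makes the server present the certificate that `ssl-init` self-signs for ten years (`-days 3650` in docker-compose.yml), so remote MTAs and mail clients can no longer validate `mail.byte.trail` against a public CA as they could with `letsencrypt`. The commit message does not say why; if this is a stop-gap, a comment above the setting such as `# self-signed via ssl-init; clients must trust this cert explicitly - revert to letsencrypt once issuance works` would record the intent. Nothing in the change covers renewal or replacement of the key, and the `[ ! -f /certs/cert.pem ]` guard means an expired or compromised certificate is never regenerated unless the file is deleted by hand, so rotation should be documented alongside this setting.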