docker
warning: cannot get RSA certificate from file "/home/USER/anonaddy/TLS.key": disabling TLS support
Support guidelines
- [X] I've read the support guidelines
I've found a bug and checked that ...
- [X] ... the documentation does not mention anything about my problem
- [X] ... there are no open or closed issues that are related to my problem
Description
Can not enable TLS on Postfix
Expected behaviour
- "POSTFIX_SMTPD_TLS=true"
- "POSTFIX_SMTP_TLS=true"
- "POSTFIX_SMTPD_TLS_CERT_FILE=/etc/letsencrypt/live/domain.xyz/fullchain.pem"
- "POSTFIX_SMTPD_TLS_KEY_FILE=/etc/letsencrypt/live/domain.xyz/privkey.pem"
Should Enable TLS
Actual behaviour
Getting 500's on webapp
sudo docker compose logs -f gives the following:
addy_nginx | 111.111.111.111 - - [19/Dec/2023:06:29:44 +0000] "GET /captcha/mini?9ntdf97c HTTP/2.0" 200 5776 "https://websiteedited.xyz/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "-"
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: cannot get RSA certificate from file "/etc/letsencrypt/live/domain.xyz/fullchain.pem": disabling TLS support
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:80000002:system library::No such file or directory:crypto/bio/bss_file.c:297:calling fopen(/etc/letsencrypt/live/domain.xyz/fullchain.pem, r):
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:10080002:BIO routines::system lib:crypto/bio/bss_file.c:300:
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:0A080002:SSL routines::system lib:ssl/ssl_rsa.c:448:
(IP and website edited for privacy)
Steps to reproduce
Using the information provided using default settings on fresh vps
Docker info
```
Client: Docker Engine - Community
 Version: 24.0.7
 Context: default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version: v0.11.2
    Path: /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version: v2.21.0
    Path: /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 4
  Running: 4
  Paused: 0
  Stopped: 0
 Images: 4
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dd1e886e55dd695541fdcd67420c2888645a495
 runc version: v1.1.10-0-g18a0cb0
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-1045-oracle
 Operating System: Ubuntu 22.04.3 LTS
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 23.43GiB
 Name: examplewebsite-xyz
 ID: e1a1a3e6-8192-4f96-b323-1045d0497b55
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
```
Docker Compose config
```yaml
name: addy
services:
  db:
    image: mariadb:10.5
    container_name: addy_db
    command:
      - "mysqld"
      - "--character-set-server=utf8mb4"
      - "--collation-server=utf8mb4_unicode_ci"
    volumes:
      - "./db:/var/lib/mysql"
    environment:
      - "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
      - "MYSQL_DATABASE=anonaddy"
      - "MYSQL_USER=anonaddy"
      - "MYSQL_PASSWORD=11111111111111"
    restart: always
  redis:
    image: redis:4.0-alpine
    container_name: addy_redis
    restart: always
  addy:
    image: anonaddy/anonaddy:latest
    container_name: addy
    depends_on:
      - db
      - redis
    ports:
      - target: 25
        published: 25
        protocol: tcp
      - target: 8000
        published: 8000
        protocol: tcp
    volumes:
      - "./data:/data"
    env_file:
      - "./addy.env"
    environment:
      - "TZ=America/Monterrey"
      - "PUID=1000"
      - "PGID=1000"
      - "REAL_IP_FROM=0.0.0.0/32"
      - "REAL_IP_HEADER=X-Forwarded-For"
      - "LOG_IP_VAR=remote_addr"
      - "DB_HOST=db"
      - "LISTEN_IPV6=false"
      - "MEMORY_LIMIT=1024M"
      - "UPLOAD_MAX_SIZE=128M"
      - "OPCACHE_MEMSIZE=128"
      - "DB_DATABASE=anonaddy"
      - "DB_USERNAME=anonaddy"
      - "DB_PASSWORD=111111111111111111"
      - "APP_KEY=base64:HBtLNVmXbqky111111111111111111113f7JEw3Dk0k="
      - "APP_DEBUG_false"
      - "APP_URL=http://127.0.0.1:8000"
      - "ANONADDY_ADMIN_USERNAME=happyuser"
      - "ANONADDY_DOMAIN=domainexample.xyz"
      - "ANONADDY_ALL_DOMANDS=domainexample.xyz"
      - "ANONADDY_HOSTNAME=mail.domainexample.xyz"
      - "ANONADDY_DNS_RESOLVER=127.0.0.1"
      - "ANONADDY_SECRET=lksjfl111111111111111111111111kjflsakfjoi23u3"
      - "ANONADDY_DKIM_SIGNING_KEY=/data/dkim/domainexample.xyz.private"
      - "[email protected]"
      - "MAIL_FROM_NAME=domainexample.xyz"
      - "[email protected]"
      - "ANONADDY_BANDWIDTH_LIMIT=104857600"
      - "POSTFIX_DEBUG=false"
      - "POSTFIX_SMTPD_TLS=true"
      - "POSTFIX_SMTP_TLS=true"
      - "POSTFIX_SMTPD_TLS_CERT_FILE=/etc/letsencrypt/live/domainexample.xyz/fullchain.pem"
      - "POSTFIX_SMTPD_TLS_KEY_FILE=/etc/letsencrypt/live/domainexample.xyz/privkey.pem"
      - "RSPAMD_ENABLE=true"
      - "RSPAMD_WEB_PASSWORD=1111111111111111"
    restart: always
  nginx:
    image: nginx:1.25.3-alpine
    container_name: addy_nginx
    restart: unless-stopped
    ports:
      - '443:443'
    volumes:
      - /etc/ssl/dhparam.pem:/etc/ssl/dhparam.pem
      - ./nginx/templates:/etc/nginx/templates
      - /etc/letsencrypt:/etc/letsencrypt
    depends_on:
      - addy
```
Logs
addy_nginx | 111.111.111.111 - - [19/Dec/2023:06:29:44 +0000] "GET /captcha/mini?9ntdf97c HTTP/2.0" 200 5776 "https://websiteedited.xyz/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "-"
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: cannot get RSA certificate from file "/etc/letsencrypt/live/domain.xyz/fullchain.pem": disabling TLS support
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:80000002:system library::No such file or directory:crypto/bio/bss_file.c:297:calling fopen(/etc/letsencrypt/live/domain.xyz/fullchain.pem, r):
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:10080002:BIO routines::system lib:crypto/bio/bss_file.c:300:
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:0A080002:SSL routines::system lib:ssl/ssl_rsa.c:448:
Additional info
By default, certbot certificates are only root-accessible. I tried to create others in /home/user/anonaddy with 777. The application can not read those either.
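
The `fopen(...)` failure in the log is "No such file or directory", reported from inside the `addy` container, and the compose file above mounts `/etc/letsencrypt` into `nginx` only. The following is an added example, not part of the original report or of the anonaddy project, that flags TLS file settings pointing at paths no volume of the same service provides; the function names are hypothetical, and it assumes short `source:target` volume syntax and that the files live on the host rather than in the image.

```python
import posixpath

# Constructed sample: the TLS-relevant parts of the compose file in this report.
SERVICES = {
    "addy": {
        "volumes": ["./data:/data"],
        "environment": [
            "POSTFIX_SMTPD_TLS=true",
            "POSTFIX_SMTPD_TLS_CERT_FILE=/etc/letsencrypt/live/domainexample.xyz/fullchain.pem",
            "POSTFIX_SMTPD_TLS_KEY_FILE=/etc/letsencrypt/live/domainexample.xyz/privkey.pem",
        ],
    },
    "nginx": {
        "volumes": ["/etc/ssl/dhparam.pem:/etc/ssl/dhparam.pem",
                    "./nginx/templates:/etc/nginx/templates",
                    "/etc/letsencrypt:/etc/letsencrypt"],
        "environment": [],
    },
}

def mount_targets(volumes):
    """Container-side paths of short-syntax 'source:target[:mode]' volumes."""
    return [posixpath.normpath(p[1]) for p in (v.split(":") for v in volumes) if len(p) >= 2]

def is_under(path, root):
    """True if path is root itself or lies below it (whole path components only)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def unmounted_tls_files(services):
    """Return (service, variable, path) for every *_CERT_FILE / *_KEY_FILE
    setting whose path is not covered by a volume of the same service."""
    findings = []
    for name, svc in services.items():
        targets = mount_targets(svc.get("volumes", []))
        for entry in svc.get("environment", []):
            key, sep, value = entry.partition("=")
            if not (sep and key.endswith(("_CERT_FILE", "_KEY_FILE"))):
                continue
            if not any(is_under(value, t) for t in targets):
                findings.append((name, key, value))
    return findings

if __name__ == "__main__":
    for service, var, path in unmounted_tls_files(SERVICES):
        print(f"{service}: {var}={path} is not covered by any volume mount")
```

Certbot's `live/` entries are symlinks into `../../archive`, so a mount has to cover the whole `/etc/letsencrypt` tree (as the `nginx` service does here) for the links to resolve inside the container.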