Update firststeps-ssl.md

Dieser Commit ist enthalten in:
André Peters 2019-06-23 20:49:07 +02:00 committet von GitHub
Ursprung 7bf1e938e9
Commit ad775558d3
Es konnte kein GPG-SchlĂĽssel zu dieser Signatur gefunden werden
GPG-SchlĂĽssel-ID: 4AEE18F83AFDEB23

Datei anzeigen

@ -31,7 +31,7 @@ A wildcard name like `autoconfig.*` will try to obtain a autoconfig.DOMAIN_NAME
Run `docker-compose up -d` to recreate affected containers automatically. Run `docker-compose up -d` to recreate affected containers automatically.
## Validation errors and how to skip validation ### Validation errors and how to skip validation
You can skip the **IP verification** by setting `SKIP_IP_CHECK=y` in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts. You can skip the **IP verification** by setting `SKIP_IP_CHECK=y` in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.
@ -41,11 +41,16 @@ You can also skip this validation method by setting `SKIP_HTTP_VERIFICATION=y` i
If you changed a SKIP_* parameter, run `docker-compose up -d` to apply your changes. If you changed a SKIP_* parameter, run `docker-compose up -d` to apply your changes.
## Disable Let's Encrypt function ### Disable Let's Encrypt
#### Disable Let's Encrypt completely
Set `SKIP_LETS_ENCRYPT=y` in "mailcow.conf" and recreate "acme-mailcow" by running `docker-compose up -d`. Set `SKIP_LETS_ENCRYPT=y` in "mailcow.conf" and recreate "acme-mailcow" by running `docker-compose up -d`.
## How to use your own ceritficate #### Skip all names but ${MAILCOW_HOSTNAME}
Add `ONLY_MAILCOW_HOSTNAME=y` to "mailcow.conf" and recreate "acme-mailcow" by running `docker-compose up -d`.
### How to use your own ceritficate
Make sure you disable mailcows internal LE client (see above). Make sure you disable mailcows internal LE client (see above).
@ -59,7 +64,7 @@ docker exec $(docker ps -qaf name=nginx-mailcow) nginx -s reload
docker exec $(docker ps -qaf name=dovecot-mailcow) dovecot reload docker exec $(docker ps -qaf name=dovecot-mailcow) dovecot reload
``` ```
## Check your configuration ### Check your configuration
Run `docker-compose logs acme-mailcow` to find out why a validation fails. Run `docker-compose logs acme-mailcow` to find out why a validation fails.