I'm running Traefik 2.6.1 as docker container with several other containers which are serving different web sites etc. I have successfully setup the acme process within Traefik which automatically retrieves and installs certificate from LetsEncrypt within the acme.json file.
Now my problem: I have setup a dockerized Mailcow environment to get an email system up and running. For all these email services (SMTP/IMAP etc.) I want also use certificates from LetsEncrypt. The mailcow system comes with it's own acme client. It initiates the certificate creation successfully with the Cis/SANs I have configured - but when the LetsEncrypt servers will check the generated challenges to verify the request, they get a 404. These challenges will be "intercepted" by the acme-internal process of Traefik which by default catches all requests coming in on port 80 with a path containing /.well-known/acme-challenge. IMHO I have to achieve that exactly these acme challenges are routed and served by the Nginx web server which comes with Mailcow.
I tried the following within this web container to give him a higher priority than the internal acme services of Traefik:
labels:
- traefik.enable=true
- traefik.docker.network=traefik_traefik-net
- traefik.http.routers.mailcow-ui.rule=Host(„mcow-ui.mymail.domain)
- traefik.http.routers.mailcow-ui.tls=true
- traefik.http.routers.mailcow-ui.tls.options=intermediate@file
- traefik.http.routers.mailcow-ui.tls.certResolver=myresolver
- traefik.http.routers.mailcow-acme.rule=(Host("imap1.mymail.domain") || Host("smtp1.mymail.domain") || Host("mail1.mymail.domain")) && PathPrefix("/.well-known/acme-challenge/")
- traefik.http.routers.mailcow-acme.priority=999
- traefik.http.routers.mailcow-acme.entrypoints=web
But unfortunately this does not work. Although the priority is 999 - which should be much higher then the one of the internal acme service - Traefik intercepts the incoming challenges with the internal acme process and does not route the requests to the Mailcow web server.
By the way: The web UI of Mailcow is reachable without any problems via HTTPS by a certificate generated through the internal acme service of Traefik.
Any help appreciated.
Thanx from Germany.