From fe553506457a1dfb0dd788226c3c6978525b2b5f Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sat, 5 Dec 2015 17:32:33 +0100 Subject: [PATCH] Cleaned code after live testing and improved documentation --- .gitignore | 2 +- README.md | 24 ++++++++++++------------ SSL.md | 28 ++++++++++++++++++++++------ docker-compose.yml.dist | 5 ++++- start-mailserver.sh | 7 ------- 5 files changed, 39 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 61e94224..319c0355 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,4 @@ docker-compose.yml postfix/ssl/* assert.sh* -letsencrypt/ \ No newline at end of file +letsencrypt/ diff --git a/README.md b/README.md index c24c2fbf..0c6cac73 100644 --- a/README.md +++ b/README.md @@ -70,19 +70,19 @@ Volumes allow to: # client configuration - # imap - username: - password: - server: - imap port: 143 or 993 with ssl (recommended) - imap path prefix: INBOX - auth method: md5 challenge-response + # imap + username: + password: + server: + imap port: 143 or 993 with ssl (recommended) + imap path prefix: INBOX + auth method: md5 challenge-response - # smtp - smtp port: 25 or 587 with ssl (recommended) - username: - password: - auth method: md5 challenge-response + # smtp + smtp port: 25 or 587 with ssl (recommended) + username: + password: + auth method: md5 challenge-response # todo diff --git a/SSL.md b/SSL.md index 0bb3e972..023d208d 100644 --- a/SSL.md +++ b/SSL.md 
@@ -7,14 +7,30 @@ There are multiple options to enable SSL: ## let's encrypt -To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt`. -You also have to mount your `letsencrypt` folder to `/etc/letsencrypt`. - - - -TO BE FINISHED WHEN IT WILL BE TESTED +To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`) +You also have to mount your `letsencrypt` folder to `/etc/letsencrypt` and it should look like that: + ├── etc + │   └── letsencrypt + │   ├── accounts + │   ├── archive + │   │   └── mail.domain.com + │   │   ├── cert1.pem + │   │   ├── chain1.pem + │   │   ├── fullchain1.pem + │   │   └── privkey1.pem + │   ├── csr + │   ├── keys + │   ├── live + │   │   └── mail.domain.com + │   │   ├── cert.pem -> ../../archive/mail.domain.com/cert1.pem + │   │   ├── chain.pem -> ../../archive/mail.domain.com/chain1.pem + │   │   ├── combined.pem + │   │   ├── fullchain.pem -> ../../archive/mail.domain.com/fullchain1.pem + │   │   └── privkey.pem -> ../../archive/mail.domain.com/privkey1.pem + │   └── renewal +You don't have anything else to do. ## self signed certificates diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist index 6f3ba3b4..f5d24f88 100644 --- a/docker-compose.yml.dist +++ b/docker-compose.yml.dist @@ -2,7 +2,7 @@ mail: # image: tvial/docker-mailserver build: . hostname: mail - domainname: my-domain.com + domainname: domain.com ports: - "25:25" - "143:143" @@ -11,3 +11,6 @@ mail: volumes: - ./spamassassin:/tmp/spamassassin/ - ./postfix:/tmp/postfix/ + - ./letsencrypt/etc:/etc/letsencrypt + environment: + - DMS_SSL=letsencrypt diff --git a/start-mailserver.sh b/start-mailserver.sh index ca5a7ecd..72345629 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh 
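Review bot: The `./letsencrypt/etc:/etc/letsencrypt` volume added in the second docker-compose.yml.dist hunk is mounted read-write, yet per the SSL.md listing that tree holds `privkey.pem`, the `archive` keys and the ACME `accounts` directory, so a compromised mail container could modify or replace them on the host. If the start script only reads the certificates, mount it read-only with `- ./letsencrypt/etc:/etc/letsencrypt:ro`. The `combined.pem` shown under `live/` in SSL.md suggests the script may write into the mount; if so, that file would be better generated in a container-local path. Shipping `DMS_SSL=letsencrypt` as the default in the .dist file also presumably leaves Postfix pointing at missing certificate paths for anyone who copies it without that folder, so a comment such as `# remove if you do not use Let's Encrypt` above `environment:` would help.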
@@ -59,13 +59,6 @@ case $DMS_SSL in "letsencrypt" ) # letsencrypt folders and files mounted in /etc/letsencrypt - # Adding certificates from Letsencrypt and IdenTrust - # curl https://letsencrypt.org/certs/isrgrootx1.pem -so /etc/ssl/certs/isrgrootx1.pem - # curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem - # curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem - # curl https://letsencrypt.org/certs/letsencryptauthorityx1.pem -so /etc/ssl/certs/letsencryptauthorityx1.pem - # curl https://letsencrypt.org/certs/letsencryptauthorityx2.pem -so /etc/ssl/certs/letsencryptauthorityx2.pem - # Postfix configuration sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf