Poste.io + Traefik v3 | Docker Compose Setup

docker-compose.yml

networks:
  traefik-proxy:
    name: traefik_gateway
    external: true

services:
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    hostname: mail.example.com
    restart: always
    environment:
      - DISABLE_CLAMAV=TRUE
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"

      - "traefik.http.routers.mailserver.entrypoints=web"
      - "traefik.http.routers.mailserver.rule=Host(`mail.example.com`)"
      - "traefik.http.routers.mailserver.service=mailserver"
      - "traefik.http.services.mailserver.loadbalancer.server.port=80"

      - "traefik.tcp.routers.mailserver.entrypoints=websecure"
      - "traefik.tcp.routers.mailserver.rule=HostSNI(`mail.example.com`)"
      - "traefik.tcp.routers.mailserver.service=mailserver"
      - "traefik.tcp.routers.mailserver.tls.passthrough=true"
      - "traefik.tcp.services.mailserver.loadbalancer.server.port=443"
    networks:
      - traefik-proxy
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
      - "995:995"

2024-09-11T14:54:14Z ERR Cannot retrieve the ACME challenge for mail.domain.com (token "aYq1hgW_7oFJIDZPLyvcTvfbo-q4mCSAavVG5OU2gKI") providerName=acme

networks:
  traefik-proxy:
    name: traefik_gateway
    external: true

services:
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    hostname: mail.example.com
    restart: always
    environment:
      - DISABLE_CLAMAV=TRUE
      # Disable Poste.io's built-in Let's Encrypt
      - DISABLE_LETSENCRYPT=TRUE 
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"
      
      # HTTP
      - "traefik.http.routers.mailserver.entrypoints=web"
      - "traefik.http.routers.mailserver.rule=Host(`mail.example.com`)"
      - "traefik.http.routers.mailserver.service=mailserver"
      - "traefik.http.services.mailserver.loadbalancer.server.port=80"
      
      # HTTPS
      - "traefik.http.routers.mailserver-secure.entrypoints=websecure"
      - "traefik.http.routers.mailserver-secure.rule=Host(`mail.example.com`)"
      - "traefik.http.routers.mailserver-secure.service=mailserver"
      - "traefik.http.routers.mailserver-secure.tls=true"
      - "traefik.http.routers.mailserver-secure.tls.certresolver=le" # Assuming your Traefik is configured with a certresolver named 'le'

      # Mail ports
      - "traefik.tcp.routers.smtp.entrypoints=smtp"
      - "traefik.tcp.routers.smtp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smtp.service=smtp"
      - "traefik.tcp.services.smtp.loadbalancer.server.port=25"

      - "traefik.tcp.routers.smtps.entrypoints=smtps"
      - "traefik.tcp.routers.smtps.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smtps.service=smtps"
      - "traefik.tcp.services.smtps.loadbalancer.server.port=465"

      # Add similar configurations for other mail ports (587, 993, etc.)
    networks:
      - traefik-proxy
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
      - "995:995"

Traefik configuration snippet

# traefik.yml
certificatesResolvers:
  le:
    acme:
      email: [email protected]
      storage: acme.json
      httpChallenge:
        entryPoint: web

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  smtp:
    address: ":25"
  smtps:
    address: ":465"
  # Define other mail ports as needed

I did that but continue with fail on the tcp connections.

continue showing the last certificate and not the new