To use a certificate that was not created by mailcow's built-in Let's Encrypt (LE) functionality,
set the following parameters in /opt/mailcow-dockerized/mailcow.conf:
SKIP_LETS_ENCRYPT=y
SKIP_IP_CHECK=y
SKIP_HTTP_VERIFICATION=y
Copy the fullchain.pem
and privkey.pem
files from the LE directory into MailCow's SSL directory. They must be real copies; you cannot use symlinks!
# Copy the Let's Encrypt chain and private key into mailcow's SSL directory
# under the names cert.pem and key.pem. Replace mail.domain.com with your own
# mail hostname.
# key.pem is a copy of the private key: treat it like the original and do not
# loosen its permissions.
cp -- "/etc/letsencrypt/live/mail.domain.com/fullchain.pem" \
  "/opt/mailcow-dockerized/data/assets/ssl/cert.pem"
cp -- "/etc/letsencrypt/live/mail.domain.com/privkey.pem" \
  "/opt/mailcow-dockerized/data/assets/ssl/key.pem"
After the initial setup of your LE cert, you can use this script to auto-renew it.
Note that I run MailCow's GUI on 8080 rather than on tcp/80, so that Certbot can spin up its own temporary web server on port 80 for the validation process.
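#!/bin/bash
#
# Renew the Let's Encrypt certificate with Certbot (standalone mode) and
# deploy it to mailcow.
#
# Flow: open 80/tcp in firewalld for the duration of the validation, run
# `certbot renew`, close the port again, copy the certificate and key into
# mailcow's SSL directory and restart the Postfix, Nginx and Dovecot
# containers.
#
# Expects enough privilege to change firewalld rules, read the Let's Encrypt
# live directory and talk to Docker (typically root).
#
# Exit status: 0 on success, non-zero if Certbot, the copy or a restart failed.
set -u

hostname="mail.domain.com"
LEdir="/etc/letsencrypt/live"
mailcowCertDir="/opt/mailcow-dockerized/data/assets/ssl"

src_cert="$LEdir/$hostname/fullchain.pem"
src_key="$LEdir/$hostname/privkey.pem"
dst_cert="$mailcowCertDir/cert.pem"
dst_key="$mailcowCertDir/key.pem"

status=0       # becomes non-zero as soon as any step fails
http_opened=0  # 1 only while this script itself has opened 80/tcp

# Close 80/tcp again, but only if this run opened it. Installed as an EXIT
# trap so the port does not stay open when the script stops early.
close_http() {
  if ((http_opened)); then
    printf "\n\e[1;33mClosing 80/tcp:\e[0m\n"
    if firewall-cmd --remove-service=http; then
      http_opened=0
    else
      printf 'WARNING: could not close 80/tcp, check the firewall by hand\n' >&2
    fi
  fi
}
trap close_http EXIT

# Restart every container whose name matches $1.
# Returns non-zero when no container matches or the restart fails.
restart_containers() {
  local ids
  ids=$(docker ps -qaf "name=$1") || return
  if [[ -z "$ids" ]]; then
    printf 'no container matching %s found\n' "$1" >&2
    return 1
  fi
  # shellcheck disable=SC2086 # ids is a whitespace-separated list of IDs
  docker restart $ids
}

started_at=$(date)
# Variables are passed as printf arguments, never as part of the format.
printf '\n\e[1;31m%s\e[0m\n' "$started_at"

printf "\n\e[1;33mOpen 80/tcp for Certbot validation:\e[0m\n"
# No `firewall-cmd --reload` here: a reload replaces the runtime rules with
# the permanent configuration, which would undo this runtime-only change
# before Certbot starts.
if firewall-cmd --quiet --query-service=http; then
  # Already allowed by the existing rules: leave the firewall untouched.
  printf 'http is already allowed, firewall left unchanged\n'
elif firewall-cmd --add-service=http; then
  http_opened=1
else
  printf 'could not open 80/tcp for validation, aborting\n' >&2
  exit 1
fi
sleep 1

printf "\n\e[1;33mRunning Certbot:\e[0m\n"
if ! certbot renew --standalone; then
  # Keep going: the certificate for $hostname may still have been renewed,
  # but make the failure visible in the exit status.
  printf 'certbot renew reported a failure\n' >&2
  status=1
fi
sleep 1

close_http
sleep 1

printf "\n\e[1;33mCopying LetsEncrypt cert and key to Mailcow:\e[0m "
if [[ ! -r "$src_cert" || ! -r "$src_key" ]]; then
  printf '\ncannot read %s or %s, aborting\n' "$src_cert" "$src_key" >&2
  exit 1
fi

if cmp -s -- "$src_cert" "$dst_cert" && cmp -s -- "$src_key" "$dst_key"; then
  # Nothing new to deploy, so the mail services are not interrupted.
  printf '\n[=] %s - deployed certificate is already current, no restart needed' "$hostname"
else
  # Plain cp keeps the mode and owner of an existing destination file.
  # Stop before any restart if either copy fails, so the services are never
  # restarted onto a certificate and key that do not belong together.
  if cp -- "$src_cert" "$dst_cert" && cp -- "$src_key" "$dst_key"; then
    printf '\n[+] %s - Done' "$hostname"
  else
    printf '\ncopying the certificate or key failed, services not restarted\n' >&2
    exit 1
  fi
  sleep 1

  printf "\n\n\e[1;33mRestarting Postfix:\e[0m "
  restart_containers postfix-mailcow || status=1
  printf "\e[1;33mRestarting Nginx:\e[0m "
  restart_containers nginx-mailcow || status=1
  printf "\e[1;33mRestarting Dovecot:\e[0m "
  restart_containers dovecot-mailcow || status=1
fi

printf "\n\e[1;31mDone.\e[0m\n#############################################################################\n\n\n"
exit "$status"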