diff --git a/docker-compose/mail.yml b/docker-compose/mail.yml
index 567014ad7aad95518648b3e294c91ee2a5b8b43f..cc983b39e782549551e3acb0ee32ceb7f21729cb 100644
--- a/docker-compose/mail.yml
+++ b/docker-compose/mail.yml
@@ -15,25 +15,38 @@ services:
       - /var/lib/docker/volumes/mail-mda-log/_data:/var/log
     
   mail-mta:
-    build: ../pica-mail-mta
-    image: pica-mail-mta
-    container_name: pica-mail-mta
-#    ports:
+   build: ../pica-mail-mta
+   image: pica-mail-mta
+   container_name: pica-mail-mta
+#  ports:
 #      - "25:25"
-    networks:
+   networks:
       - mail
-    volumes:
+   volumes:
       - /var/lib/docker/volumes/mail-mta-log/_data:/var/log
-#      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
-    environment:
-      - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
-#    labels:
-#      - "traefik.frontend.rule=Host:mail-test-picasoft.maliach.fr"
+      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
+   environment:
+     - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
+   labels:
+      - "traefik.frontend.rule=Host:mail-test-picasoft.maliach.fr"
 #      - "traefik.port=80"
-#      - "traefik.enable=true"
-#      - "traefik.docker.network=pica_mail"
+      - "traefik.enable=true"
+      - "traefik.docker.network=pica_mail"
+
+  mail-copy-certs:
+    build: ../pica-mail-copy-certs
+    image: pica-mail-copy-certs
+    container_name: pica-mail-copy-certs
+    volumes:
+#contient acme.json
+      - /DATA/docker/traefik/certs/:/DATA/docker/traefik/certs/
+#output
+      - /DATA/docker/mail/ssl/:/DATA/docker/mail/ssl/
+    environment:
+      - DOMAIN=mail-test-picasoft.maliach.fr
+
 
-#on demande à traefik de générer un certificat (qu'on va récupérer dans acme.json) mais on n'expose aucun service.
+   
 
 networks:
   mail:
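Review bot: The new `mail-copy-certs` service mounts `/DATA/docker/traefik/certs/` read-write, although the script added in this commit only reads `acme.json` from it; the source mount should be read-only, `- /DATA/docker/traefik/certs/:/DATA/docker/traefik/certs/:ro`. That file presumably holds the private keys for every domain Traefik manages, so a fault in this helper container should not be able to alter or truncate it. Separately, the `mail-mta` keys are re-indented to three spaces while their list items stay at six (five under `environment`) and `mail-copy-certs` uses four; restoring four-space keys keeps the file consistent and less fragile. The removed comment explaining that Traefik is only asked to issue a certificate, with no service exposed, is worth keeping next to the now-active `labels:` block.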
diff --git a/pica-mail-copy-certs/Dockerfile b/pica-mail-copy-certs/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..642fadf57ff75b46d4e795056e83691c3268b512
--- /dev/null
+++ b/pica-mail-copy-certs/Dockerfile
@@ -0,0 +1,4 @@
+From alpine
+COPY ./update-certs-pica-mail.sh /scripts/pica-mail-copy-certs.sh
+RUN apk add --no-cache jq
+ENTRYPOINT ["/scripts/pica-mail-copy-certs.sh"]
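Review bot: `From alpine` carries no tag, so every rebuild pulls whatever `latest` points to at that moment, and this image is the one that reads the Traefik key store. Pin the base, for example `FROM alpine:<pinned-version>` (placeholder: use the release you actually test against), optionally with a digest, so that `apk add --no-cache jq` resolves against a known package set. Upper-case `FROM` is the conventional spelling. The entrypoint is executable only because the script is committed with mode 100755; a short comment saying so would help a later editor.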
diff --git a/pica-mail-copy-certs/update-certs-pica-mail.sh b/pica-mail-copy-certs/update-certs-pica-mail.sh
new file mode 100755
index 0000000000000000000000000000000000000000..99b0b1689b6fc625cbba4faf8f994b7a6b7f88a9
--- /dev/null
+++ b/pica-mail-copy-certs/update-certs-pica-mail.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+echo pica-copying certs for ${DOMAIN} from /DATA/docker/traefik/certs/acme.json to /DATA/docker/mail/ssl
+cat /DATA/docker/traefik/certs/acme.json | jq -r --arg domain ${DOMAIN} '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Certificate' > /DATA/docker/mail/ssl/cert
+cat /DATA/docker/traefik/certs/acme.json | jq -r --arg domain ${DOMAIN} '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Key' > /DATA/docker/mail/ssl/key
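Review bot: The private key on the last line is written with the container's default umask and straight into its final path, so `/DATA/docker/mail/ssl/key` is likely world-readable on the host volume, and any jq failure or non-matching domain leaves an empty `cert`/`key` in place of the working pair. `${DOMAIN}` is also unquoted, so an unset value makes `--arg` swallow the filter as its argument. The rewrite below sets a restrictive umask, fails fast, writes to temporary files and renames them only when both are non-empty. If this `acme.json` stores `Certificate` and `Key` base64-encoded, as I believe Traefik 1.x does, the output also needs decoding before a mail daemon can load it; please confirm against the real file.

```shell
#!/bin/sh
set -eu
umask 077   # key and cert must not be readable by other users

src=/DATA/docker/traefik/certs/acme.json
out=/DATA/docker/mail/ssl

# … unchanged: echo line announcing the copy …

jq -r --arg domain "${DOMAIN}" '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Certificate' "$src" > "$out/cert.tmp"
jq -r --arg domain "${DOMAIN}" '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Key' "$src" > "$out/key.tmp"

# Refuse to replace a working pair with empty output (no matching domain).
if [ ! -s "$out/cert.tmp" ] || [ ! -s "$out/key.tmp" ]; then
    echo "no certificate found for ${DOMAIN} in $src" >&2
    rm -f "$out/cert.tmp" "$out/key.tmp"
    exit 1
fi

mv "$out/cert.tmp" "$out/cert"
mv "$out/key.tmp" "$out/key"
```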