how to setup IMAPs with letsencrypt
Shawn Heisey
elyograg at elyograg.org
Sun Apr 24 01:47:45 UTC 2022
On 4/23/2022 6:45 PM, Richard Hector wrote:
> _A_ web server has to be there. It doesn't have to serve anything else
> useful. My mail server has a web server that only serves the LE
> challenge. Well, actually it's a proxy server that serves several
> other domains too, but there's nothing else served on that domain (at
> the moment).

I didn't want to mess with creating a web infrastructure for the usual
web-based validation that is common with LE. Getting that working for
my services would be very messy. So I use DNS validation with
LetsEncrypt, and I have wildcards in my cert. You can see the cert at
this location:

https://http3test.elyograg.org/

Reload the page to see if your browser can do http/3 -- the initial
connection will usually be http/2.

Certbot has plugins for many common DNS providers that let it
automatically add the validation records to your DNS. I use a DNS
provider which is not covered by the official plugins, but I found a
third party hook script on GitHub, so I have built scripts that
accomplish completely automated certificate renewals with DNS
validation. I run the renew script with cron every other day, and have
it waiting until 5 days before expiration before it actually does the
renewal. So I get a new cert about every 85 days, and it even installs
the cert and restarts services on everything that needs it.

Thanks,
Shawn
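
An added example, not part of the original post and not the poster's own scripts: a cron-driven renewal gate of the kind described above, which does nothing until the certificate is within 5 days of expiry and then lets certbot renew and reload the mail service. The certificate name `example.org`, the script path in the cron comment, the `--run` switch and the `systemctl reload dovecot` deploy command are assumptions; the DNS auth and cleanup hooks are assumed to have been supplied at first issuance, so certbot reuses them from its renewal configuration.

```shell
#!/bin/sh
# Renewal gate for a Let's Encrypt certificate obtained with DNS validation.
# Constructed example; names below are placeholders, not the poster's setup.

CERT_NAME="example.org"                                # assumed certificate name
CERT="/etc/letsencrypt/live/$CERT_NAME/fullchain.pem"  # certbot's default live path
WINDOW_DAYS=5                                          # renew this close to expiry

# renewal_due NOT_AFTER_EPOCH NOW_EPOCH WINDOW_DAYS
# Succeeds (exit 0) when the time left is inside the window or already negative.
renewal_due() {
    [ $(( $1 - $2 )) -le $(( $3 * 86400 )) ]
}

# cert_not_after FILE
# Prints the certificate's notAfter as a Unix epoch (needs openssl and GNU date).
cert_not_after() {
    end=$(openssl x509 -enddate -noout -in "$1") || return 1
    date -u -d "${end#notAfter=}" +%s
}

main() {
    not_after=$(cert_not_after "$CERT") || {
        echo "cannot read expiry of $CERT" >&2
        return 2
    }
    now=$(date -u +%s)

    if ! renewal_due "$not_after" "$now" "$WINDOW_DAYS"; then
        echo "$CERT_NAME: $(( (not_after - now) / 86400 )) days left, nothing to do"
        return 0
    fi

    # certbot reruns the stored DNS hooks; the deploy hook only fires on success.
    certbot renew --cert-name "$CERT_NAME" --non-interactive \
        --deploy-hook "systemctl reload dovecot"
}

# Roughly every other day from cron (assumed path):
#   0 3 */2 * * /usr/local/sbin/le-renew.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

With a 90-day certificate the gate first opens on day 85, and a failed run still leaves a couple of further cron attempts before the certificate expires.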