Alef,
Certbot creates regular certificates that can be used by dovecot to get a “validated” connection to the mailserver. You obviously need to do the certbot walk to gain the certificate, but if you have it, you can use it for dovecot.
Just refer to it in the configuration and you should be fine.
Cheers,
Remko
On 9 Aug 2017, at 17:49, Alef Veld <alefveld@outlook.com> wrote:
Thanks Ralph, I’ll look into that.
I think Let’s Encrypt uses certbot though and it can’t do email certificates (although I’m sure I can convert the cert I get from Let’s Encrypt, I’ll look into it).
On 9 Aug 2017, at 16:40, Ralph Seichter <m16+dovecot@monksofcool.net> wrote:
On 09.08.2017 17:20, Alef Veld wrote:
So I’m using dovecot, and I created a self-signed certificate with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server.
The first time it connects in Mac Mail, however, it says the certificate is invalid and another server might pretend to be me etc.
This is to be expected for self-signed certificates. The MUA (Apple Mail in your case) cannot know that the certificate is trusted until you confirm it.
For certificates signed by third parties, the client (or OS) performs the same checks. If a chain of trust can be established based on the client/OS certificate store, which comes pre-populated with well-known third party CA certificates, allowing certificate signatures to be verified, your MUA will trust the presented certificate without you confirming it.
I recommend you look into using a free Let's Encrypt certificate (see https://letsencrypt.org/) instead of a self-signed certificate.
-Ralph
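
The trust-store check described in Ralph's reply can be reproduced locally with openssl. This is an added example, not part of the original thread; the "Demo CA" (standing in for a third-party CA in the client's certificate store), the hostname mail.example.test and all file names are constructed.

```shell
#!/bin/sh
# Added demo; "Demo CA", mail.example.test and all file names are constructed.
set -eu

# chains_to STORE CERT: succeed only if CERT verifies against the CA file STORE.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_certs DIR: create a demo CA, a CA-signed server cert and a self-signed one.
make_certs() {
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = req
x509_extensions = ca_ext
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF
    # Stand-in for a well-known third-party CA in the client's certificate store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/demo.cnf" \
        -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    # Server certificate signed by that CA (the third-party-signed case).
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=mail.example.test" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/signed.pem" 2>/dev/null
    # Self-signed server certificate (the mkcert.sh-style case).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/demo.cnf" \
        -subj "/CN=mail.example.test" -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

# Three cases: CA-signed cert, self-signed cert, and the self-signed cert
# after it has been explicitly added to the store (the user "confirmed" it).
d=$(mktemp -d)
make_certs "$d"
for pair in "ca.pem signed.pem" "ca.pem self.pem" "self.pem self.pem"; do
    set -- $pair
    if chains_to "$d/$1" "$d/$2"; then r="trusted"; else r="NOT trusted"; fi
    echo "store=$1 cert=$2 -> $r"
done
rm -rf "$d"
```

Only the middle case fails: the self-signed certificate has no issuer in the store until it is added there itself, which is what confirming the warning in the mail client amounts to.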