is a self signed certificate always invalid the first time?

[Larry Rosenman]

Yes, yes, and yes. 

This is what I do for https://webmail.lerctr.org, imap.lerctr.org, smtp.lerctr.org, et al. 


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
 

On 8/9/17, 11:19 AM, "dovecot on behalf of Alef Veld" <dovecot-bounces at dovecot.org on behalf of alefveld at outlook.com> wrote:

    Cheers Remko and Ralph. I think there was some mention in the lets encrypt FAQ that certbot doesn't do email.
    
    But I understand I can use their generated very for dovecot, postfix and https? That would be good indeed.
    
    Anyone know of any manual, or can I just replace the certs in the dovecot and postfix locations with theirs? Do dovecot, postfix and apache all support .pem format?
    
    Sent from my iPhone
    
    > On 9 Aug 2017, at 17:07, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
    > 
    >> On 09.08.2017 17:49, Alef Veld wrote:
    >> 
    >> I think let’s encrypt uses certbot though and it can’t do email
    >> certificates (although i’m sure i can convert the cert i get from
    >> let’s encrypt, i’ll look into it.
    > 
    > I'm not sure what you mean by "can’t do email certificates"? In any
    > case, Let's Encrypt issues certificates that can be used by Dovecot
    > for IMAP and simultaneously by Apache or nginx for HTTPS and Postfix
    > for SMTP. The certificates are issued for servers, not for specific
    > software or protocols.
    > 
    > -Ralph