letsencrypt
Michael Neurohr
mine at michi.su
Fri Mar 3 18:20:11 UTC 2017
On 2017-03-03 19:07, David Mehler wrote:
> Hello,
>
> I know some users here are using letsencrypt for their CA. If this is
> too off topic write me privately.
>
> I'm wanting letsencrypt to take over as my CA, replacing existing self
> signed certificates. I've got web working, a certificate for https
> sites and one for webmail as they have different names. What I'm now
> wanting to do is get letsencrypt going for my email setup, the smtp
> handled by postfix, but mail, and imap I believe are handled by
> dovecot.
>
> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?
You can use certbot. It has a built-in webserver. It allows you to
retrieve and renew the certificates automatically. I'm using it for
Dovecot and Postfix.
See https://certbot.eff.org/
I'm doing everything with the following command:
    certbot/certbot-auto certonly --no-self-upgrade --standalone -n \
        --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com \
        --pre-hook scripts/letsencrypt-pre-hook.sh \
        --post-hook scripts/letsencrypt-post-hook.sh
With the pre-hook and post-hook scripts I make sure to open and close
the firewall on port 443, and to reload Postfix and Dovecot in case a
certificate was updated.
You can find all information about the flags that I'm using at
https://certbot.eff.org/docs/using.html
Michael
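
The pre-hook/post-hook arrangement described in the reply above, as an added example that is not the poster's own scripts: one POSIX shell script, symlinked under both hook names, that opens and closes port 443 and reloads Postfix and Dovecot only when the certificate file has changed. The iptables rules, the certificate path under /etc/letsencrypt/live/, the state directory and the RUN dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's scripts. Install once and symlink as both
# scripts/letsencrypt-pre-hook.sh and scripts/letsencrypt-post-hook.sh.
# Assumed: iptables firewall, certbot's default live/ path, state directory.
LIVE_CERT="${LIVE_CERT:-/etc/letsencrypt/live/domain1.example.com/fullchain.pem}"
STATE_DIR="${STATE_DIR:-/var/lib/letsencrypt-hooks}"
RUN="${RUN:-}"            # RUN=echo prints the commands instead of running them

open_port()  { $RUN iptables -I INPUT -p tcp --dport 443 -j ACCEPT; }
close_port() { $RUN iptables -D INPUT -p tcp --dport 443 -j ACCEPT; }
reload_mail() { $RUN postfix reload && $RUN doveadm reload; }

# 0 = certificate differs from the copy saved at the last reload,
# 1 = unchanged, 2 = certificate file missing.
cert_changed() {
    [ -f "$1" ] || return 2
    if [ -f "$2" ] && cmp -s "$1" "$2"; then return 1; fi
    return 0
}

post_hook() {
    # Close the port first so it never stays open because of a later error.
    close_port || echo "warning: could not remove the port 443 rule" >&2
    rc=0
    cert_changed "$LIVE_CERT" "$STATE_DIR/last-loaded.pem" || rc=$?
    case $rc in
        0) # Save the copy only after both daemons reloaded, so a failed
           # reload is retried on the next run.
           reload_mail && mkdir -p "$STATE_DIR" &&
               cp "$LIVE_CERT" "$STATE_DIR/last-loaded.pem" ;;
        1) echo "certificate unchanged, no reload" ;;
        *) echo "certificate $LIVE_CERT not found" >&2; return 1 ;;
    esac
}

# Dispatch on the name the script was invoked under.
case "${0##*/}" in
    letsencrypt-pre-hook.sh)  open_port ;;
    letsencrypt-post-hook.sh) post_hook ;;
esac
```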