letsencrypt

Michael Neurohr mine at michi.su
Fri Mar 3 18:20:11 UTC 2017


On 2017-03-03 19:07, David Mehler wrote:
> Hello,
> 
> I know some users here are using letsencrypt for their CA. If this is
> too off topic write me privately.
> 
> I'm wanting letsencrypt to take over as my CA, replacing existing self
> signed certificates. I've got web working, a certificate for https
> sites and one for webmail as they have different names. What I'm now
> wanting to do is get letsencrypt going for my email setup, the smtp
> handled by postfix, but mail, and imap I believe are handled by
> dovecot.
> 
> With the web it was easy just let apache serve the token that
> letsencrypt needed and I got certificates. How do I do this with
> regards email?

You can use certbot. It has a built-in webserver. It allows you to
retrieve and renew the certificates automatically. I'm using it for
Dovecot and Postfix.

See https://certbot.eff.org/

I'm doing everything with the following command:

    certbot/certbot-auto certonly --no-self-upgrade --standalone -n \
        --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com \
        --pre-hook scripts/letsencrypt-pre-hook.sh \
        --post-hook scripts/letsencrypt-post-hook.sh

With the pre-hook and post-hook scripts I make sure to open and close
the firewall on port 443, and to reload Postfix and Dovecot in case a
certificate was updated.

You can find all information about the flags that I'm using at
https://certbot.eff.org/docs/using.html

Michael
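
One way the hook scripts described in the message above could look, as an added example that is not from the original post. It assumes iptables as the firewall, sha256sum on the host, a single hypothetical script called with `pre` or `post`, and a hypothetical STATE_DIR for the stored digests; RUN=echo gives a dry run.

```shell
#!/bin/sh
# Added example: pre/post hook for certbot --standalone, selected by $1.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # certbot's default live directory
STATE_DIR="${STATE_DIR:-/var/lib/le-hook}"     # assumed: where digests are kept
RUN="${RUN:-}"                                 # RUN=echo prints commands (dry run)

# Open 443 only for the duration of the challenge (assumes iptables).
pre_hook()  { $RUN iptables -I INPUT -p tcp --dport 443 -j ACCEPT; }
close_443() { $RUN iptables -D INPUT -p tcp --dport 443 -j ACCEPT; }

# Succeeds when the certificate differs from the digest recorded last time,
# and records the new digest. A first run with no record counts as changed.
cert_changed() {
    cert="$LIVE_DIR/$1/fullchain.pem"
    stamp="$STATE_DIR/$1.sha256"
    [ -r "$cert" ] || return 1
    new=$(sha256sum "$cert" | cut -d' ' -f1)
    old=$(cat "$stamp" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    mkdir -p "$STATE_DIR"
    printf '%s\n' "$new" > "$stamp"
}

post_hook() {
    close_443 || true   # always close the port, even if nothing was issued
    changed=0
    for dir in "$LIVE_DIR"/*/; do
        [ -d "$dir" ] || continue
        if cert_changed "$(basename "$dir")"; then changed=1; fi
    done
    # Reload the mail daemons only when a certificate actually changed.
    if [ "$changed" -eq 1 ]; then
        $RUN postfix reload
        $RUN doveadm reload
    fi
    return 0
}

case "${1:-}" in
    pre)  pre_hook ;;
    post) post_hook ;;
esac
```

Closing the port unconditionally in the post hook keeps 443 from staying open when issuance fails partway through.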

