letsencrypt

David Mehler dave.mehler at gmail.com
Fri Mar 3 19:22:54 UTC 2017


Hello,

Thanks. Is there another way of doing this? I've got a web server
running on 80 and 443. Are there any other options?

Thanks.
Dave.


On 3/3/17, Michael Neurohr <mine at michi.su> wrote:
> On 2017-03-03 19:07, David Mehler wrote:
>> Hello,
>>
>> I know some users here are using letsencrypt for their CA. If this is
>> to off topic write me privately.
>>
>> I'm wanting letsencrypt to take over as my CA, replacing existing self
>> signed certificates. I've got web working, a certificate for https
>> sites and one for webmail as they have different names. What I'm now
>> wanting to do is get letsencrypt going for my email setup, the smtp
>> handled by postfix, but mail, and imap I believe are handled by
>> dovecot.
>>
>> With the web it was easy just let apache serve the token that
>> letsencrypt needed and I got certificates. How do I do this with
>> regards email?
>
> You can use certbot. It has a built in webserver. It allows you to
> retrieve and renew the certificates automatically. I'm using it for
> Dovecot and Postfix.
>
> See https://certbot.eff.org/
>
> I'm doing everything with the following command:
>
> certbot/certbot-auto certonly --no-self-upgrade --standalone -n
> --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com
> --pre-hook scripts/letsencrypt-pre-hook.sh --post-hook
> scripts/letsencrypt-post-hook.sh
>
> With the pre-hook and post-hook scripts I make sure to open and close
> the firewall on port 443, and to reload Postfix and Dovecot in case a
> certificate was update.
>
> You can find all information about the flags that I'm using at
> https://certbot.eff.org/docs/using.html
>
> Michael
>


More information about the dovecot mailing list