letsencrypt

[Jeff Kletsky]

You can either drop the authentication token into /.wellknown on your
running server, or take down the server for a minute to run certbot
every couple months.

I'm not a fan of symlinks out of config directories and certainly not
across chroot / jail boundaries so I manually copy the certs into the
a subdirectory of the dovecot config directory.

Here's the segment from my local.conf file. The notes on permission
choices are mine and are stronger than many suggest.

---

# Preferred permissions: root:wheel 0444
ssl_cert = </usr/local/etc/dovecot/<some_meaningful_name>/fullchain.pem

# Preferred permissions: root:wheel 0400
ssl_key = </usr/local/etc/dovecot/<some_meaningful_name>/privkey.pem

---

FreeBSD uses a different directory structure than most Linux-based
systems, so the path to the dovecot config directory may be different
for you.

I didn't ever find any documentation of the 'var = <file' notation
but it take it to mean read the contents of the file into the variable


Jeff


On 3/3/17 11:22 AM, David Mehler wrote:
> Hello,
>
> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?
>
> Thanks.
> Dave.
>