how to setup IMAPs with letsencrypt
Jeremy Ardley
jeremy at ardley.org
Fri Apr 22 00:24:03 UTC 2022
On 22/4/22 7:50 am, Jeremy Ardley wrote:
> On 22/4/22 7:44 am, alice at coakmail.com wrote:
>>> On 22/4/22 7:25 am,alice at coakmail.com wrote:
>>>
>> Thanks. I will give a try.
>> after enabling SSL, can I disable port 143 entirely?
>>
> Probably a bad idea. Many clients use STARTTTLS on port 143 rather
> than TLS on port 993
>
>
I forgot to mention that in /etc/dovecot/dovecot.conf you don't need to
specify imaps.
Dovecot automatically listens on port 993 and 143 when ssl is specified
and applies the ssl directive as indicated.
#global
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
ssl_min_protocol = TLSv1.2
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
ssl_prefer_server_ciphers = yes
ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pe
protocols = imap lmtp sieve
#specific domain override
local mail.example.com {
protocol imap {
ssl_cert = </etc/letsencrypt/live/special.example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/special.example.com/privkey.pem
}
}
It is possible to generate a wildcard letsencrypt certificate
*.example.com but the process is tricky and has unexpected side-effects
such as typo.example.com resolves to example.com in DNS
--
Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220422/00f5da09/attachment.sig>
More information about the dovecot
mailing list