Hello,

Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options?
Thanks.
Dave.

On 3/3/17, Michael Neurohr <m...@michi.su> wrote:
> On 2017-03-03 19:07, David Mehler wrote:
>> Hello,
>>
>> I know some users here are using letsencrypt for their CA. If this is
>> too off topic write me privately.
>>
>> I'm wanting letsencrypt to take over as my CA, replacing existing self
>> signed certificates. I've got web working, a certificate for https
>> sites and one for webmail as they have different names. What I'm now
>> wanting to do is get letsencrypt going for my email setup, the smtp
>> handled by postfix, but mail, and imap I believe are handled by
>> dovecot.
>>
>> With the web it was easy just let apache serve the token that
>> letsencrypt needed and I got certificates. How do I do this with
>> regards email?
>
> You can use certbot. It has a built-in webserver. It allows you to
> retrieve and renew the certificates automatically. I'm using it for
> Dovecot and Postfix.
>
> See https://certbot.eff.org/
>
> I'm doing everything with the following command:
>
> certbot/certbot-auto certonly --no-self-upgrade --standalone -n
> --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com
> --pre-hook scripts/letsencrypt-pre-hook.sh --post-hook
> scripts/letsencrypt-post-hook.sh
>
> With the pre-hook and post-hook scripts I make sure to open and close
> the firewall on port 443, and to reload Postfix and Dovecot in case a
> certificate was updated.
>
> You can find all information about the flags that I'm using at
> https://certbot.eff.org/docs/using.html
>
> Michael
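A sketch of the pre-hook and post-hook behaviour described in the quoted reply, as an added example that is not part of the thread and is not Michael's own scripts. It assumes an iptables firewall, the certificate and state-file paths shown, and `postfix reload` / `doveadm reload` as the reload commands; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: one script serving both hooks, e.g.
#   --pre-hook "hooks.sh pre" --post-hook "hooks.sh post"
# Assumed (not from the thread): iptables, these paths, the reload commands.
CERT="${CERT:-/etc/letsencrypt/live/domain1.example.com/fullchain.pem}"
STATE="${STATE:-/var/lib/le-hook.sha256}"

# With DRY_RUN=1, print each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "would run: $*"; else "$@"; fi
}

# SHA-256 of a file; prints nothing and fails if the file is unreadable.
fingerprint() {
    [ -r "$1" ] && sha256sum "$1" | cut -d' ' -f1
}

# True only if the certificate exists and differs from the pre-hook snapshot.
cert_changed() {
    old=$(cat "$STATE" 2>/dev/null || true)
    new=$(fingerprint "$CERT" || true)
    [ -n "$new" ] && [ "$new" != "$old" ]
}

pre_hook() {
    # Snapshot the current certificate, then open 443 for the challenge.
    fingerprint "$CERT" > "$STATE" || true
    run iptables -I INPUT -p tcp --dport 443 -j ACCEPT
}

post_hook() {
    # Close the port first so it is shut even when nothing was issued.
    run iptables -D INPUT -p tcp --dport 443 -j ACCEPT
    if cert_changed; then
        run postfix reload
        run doveadm reload
    fi
}

case "${1:-}" in
    pre)  pre_hook ;;
    post) post_hook ;;
esac
```

Running it with `DRY_RUN=1` shows which firewall and reload commands would fire without touching the system.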