Hello,
Have you considered running the getssl bash script?
It is well documented, self-updates automatically, supports https,
imaps, pop3s, ... and can push validation tokens to your web server
using rsync, ftp, ...
See https://github.com/srvrco/getssl/blob/master/README.md
Cheers
On 03/03/2017 08:22 PM, David Mehler wrote:
Hello,
Thanks. Is there another way of doing this? I've got a web server
running on 80 and 443. Are there any other options?
Thanks.
Dave.
On 3/3/17, Michael Neurohr <m...@michi.su> wrote:
On 2017-03-03 19:07, David Mehler wrote:
Hello,
I know some users here are using letsencrypt for their CA. If this is
too off topic write me privately.
I'm wanting letsencrypt to take over as my CA, replacing existing self
signed certificates. I've got web working, a certificate for https
sites and one for webmail as they have different names. What I'm now
wanting to do is get letsencrypt going for my email setup, the smtp
handled by postfix, but mail, and imap I believe are handled by
dovecot.
With the web it was easy just let apache serve the token that
letsencrypt needed and I got certificates. How do I do this with
regards email?
You can use certbot. It has a built in webserver. It allows you to
retrieve and renew the certificates automatically. I'm using it for
Dovecot and Postfix.
See https://certbot.eff.org/
I'm doing everything with the following command:
    certbot/certbot-auto certonly --no-self-upgrade --standalone -n \
        --rsa-key-size 4096 -d domain1.example.com -d domain2.example.com \
        --pre-hook scripts/letsencrypt-pre-hook.sh \
        --post-hook scripts/letsencrypt-post-hook.sh
With the pre-hook and post-hook scripts I make sure to open and close
the firewall on port 443, and to reload Postfix and Dovecot in case a
certificate was updated.
You can find all information about the flags that I'm using at
https://certbot.eff.org/docs/using.html
Michael
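
The post-hook step described in the thread (reload Postfix and Dovecot when a certificate was updated) could look like the sketch below. It is an added example, not code from any poster or from certbot. It assumes certbot's default live/ path for domain1.example.com, a hypothetical state file, and that the hook is called with the argument "run"; the firewall handling is left out.

```shell
#!/bin/sh
# Added example: post-hook that reloads Postfix and Dovecot only when the
# certificate on disk differs from the one last deployed.
# Assumptions (not from the thread): certbot's default live/ path, a
# hypothetical state file, and invocation with the argument "run".
CERT="${CERT:-/etc/letsencrypt/live/domain1.example.com/fullchain.pem}"
STATE="${STATE:-/var/lib/mail-cert-hook/deployed.sha256}"
# Overridable so the logic can be exercised without touching real services.
RELOAD_CMD="${RELOAD_CMD:-postfix reload && doveadm reload}"

cert_digest() {
    # SHA-256 of the PEM file; a renewed certificate gives a new value.
    sha256sum "$1" | cut -d' ' -f1
}

cert_changed() {
    # True (0) when no digest is recorded yet or the recorded one differs.
    [ -f "$2" ] || return 0
    [ "$(cert_digest "$1")" != "$(cat "$2")" ]
}

deploy_if_changed() {
    if [ ! -r "$CERT" ]; then
        echo "missing"; return 1
    fi
    if ! cert_changed "$CERT" "$STATE"; then
        echo "unchanged"; return 0
    fi
    # Record the digest only after a successful reload, so a failed
    # reload is retried on the next run instead of being masked.
    if sh -c "$RELOAD_CMD" >&2; then
        mkdir -p "$(dirname "$STATE")"
        cert_digest "$CERT" > "$STATE"
        echo "reloaded"
    else
        echo "reload-failed"; return 1
    fi
}

if [ "${1:-}" = "run" ]; then
    deploy_if_changed
fi
```

A non-zero exit from the hook makes a failed reload visible in the renewal job's output, so the mail daemons are not left serving an expiring certificate unnoticed.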