SSL for mail

  • Hello,


    Can I set up SSL through Let's Encrypt for my mail server (POP3, IMAP, SMTP)?

    I see that in version:
    Changes in version 2.2.0-r4254 (07/14/2016):

    it says:
    SSL certificate for SMTP, POP3/IMAP and FTP is updated when being modified or extended (eg. with Let's Encrypt)

    but I couldn't set it up.
    I always get this message:
    HTTP is not enabled for this domain

    On my server there is a business license and mail services; I don't have a web server,
    just LiveConfig, Postfix, Dovecot, BIND, ...

    How could I set up SSL through Let's Encrypt for my mail server?


    regards,
    Radenko

  • Let's Encrypt requires some authorization to prove that you "own" the domain. This authorization can be made via HTTP or DNS, but LiveConfig currently only supports HTTP.


    To use e.g. "mail.example.org" with Let's Encrypt, you need to set up some (small) webspace and configure the domain with it. The webspace can be on a different server than the mail server (if you run a multi-server setup) and does not require any features, just 1 MB of webspace. You can even configure a redirect, e.g. from mail.example.org to http://www.example.org.


    Then you can configure a Let's Encrypt certificate with LiveConfig and use this with Dovecot & Postfix.


    Best regards


    -Klaus Keppler


  • The problem is that, for example, my domain mail.example.org has an A record pointing to the mail server,
    and when I enable web space on it and then add a certificate with Let's Encrypt, I get the following error:


    liveconfig.log



    could not find:
    http://mail.example.org/.well-…rnVWutUPq75Xer7IuClRaBfs:


    because mail.example.org points to the mail server, not a web server.

  • New StartSSL certificates aren't trusted any more, so this is no solution.
    We will add DNS authorization within the next 3-4 months, which will be a "clean" solution. Until this feature is available, you can possibly run a minimal NGINX on your mail server (you don't need PHP or MySQL).


    (Actually we do this on our mail servers and redirect visitors to the webmail URL)
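
Added example, not part of the thread and not LiveConfig code: the "could not find" error above occurs when nothing answers HTTP at the challenge path on the host the name resolves to. This Python check probes that path before a certificate is requested; the test file name and the status labels it returns are assumptions made for the example.

```python
import http.client
import socket

ACME_PREFIX = "/.well-known/acme-challenge/"  # path used by HTTP validation


def check_http01(host, token, port=80, timeout=5.0):
    """Probe the URL an HTTP validator would fetch; return (status, detail).

    `token` is a test file name you placed in the challenge directory
    yourself (hypothetical name, not a real ACME token).
    """
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))

    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token)
        resp = conn.getresponse()
        resp.read(1024)
        status, location = resp.status, resp.getheader("Location")
    except OSError as exc:
        # Refused or timed out: the name points at a host with no web server
        return ("no_http_listener", f"{addr}:{port}: {exc}")
    except http.client.HTTPException as exc:
        return ("bad_http_response", repr(exc))
    finally:
        conn.close()

    if status == 200:
        return ("ok", f"served by {addr}")
    if status in (301, 302, 303, 307, 308):
        # Report the target so you can see where validation would be sent
        return ("redirect", location or "")
    return ("not_served", f"HTTP {status} from {addr}")


if __name__ == "__main__":
    # mail.example.org is the placeholder hostname used in the thread
    print(check_http01("mail.example.org", "preflight-test.txt"))
```

A `no_http_listener` result corresponds to the mail-only server described in the thread; `not_served` means a web server answers but the challenge directory is not mapped to the webspace.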
