
Installing an SSL certificate on iRedMail, especially one from Let’s Encrypt, is not so straightforward. Therefore, I had to write an article about it. If you have been following the installation of iRedMail, then you already know I used the iRedMail installer in my tutorial on iRedMail. The steps to install an SSL certificate are as follows.

Requesting a free cert from Let’s Encrypt

First of all, we need to install certbot to get a certificate from Let’s Encrypt.

apt install certbot

Next, verify the request process with a dry run. This will not install the certificate; rather, it verifies the DNS records, that is, that the request for this hostname would succeed.

certbot certonly --webroot --dry-run -w /var/www/html -d mail.inguide.in

Next, you will be asked for an email address and to accept the terms of service (ToS). Answer both prompts.

Now, if everything went smoothly and you didn’t get any errors, run the following command to get the certificate.

certbot certonly --webroot -w /var/www/html -d mail.inguide.in

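After successful execution of this command, the SSL certificates are stored in the directory /etc/letsencrypt/live/mail.inguide.in/

Now we need to change the permissions of the live and archive directories so that services which do not run as root can traverse them. A directory needs the execute bit for that, so the mode is 0755.

chmod 0755 /etc/letsencrypt/{live,archive}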

Install the SSL Certificate for iRedMail

Now we have the SSL certificate ready to put to use. Run the following commands to back up the existing certificate and private key:

mv /etc/ssl/certs/iRedMail.crt{,.bak}
mv /etc/ssl/private/iRedMail.key{,.bak}

It’s time to create symbolic links to the Let’s Encrypt files, or in simple words, to install the certificate:

ln -s /etc/letsencrypt/live/mail.inguide.in/fullchain.pem /etc/ssl/certs/iRedMail.crt
ln -s /etc/letsencrypt/live/mail.inguide.in/privkey.pem /etc/ssl/private/iRedMail.key

Restart the services with the following commands (slapd is only present if your iRedMail uses the OpenLDAP backend):

systemctl restart dovecot
systemctl restart postfix
systemctl restart nginx
systemctl restart slapd

Now, go refresh the page to load the new certificate.
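
A check worth running before the services are restarted, as an added example that is not part of the original article: it confirms that both symlinks resolve to real files under /etc/letsencrypt, that the certificate and key belong together, and that the certificate is not about to expire. The function names are hypothetical; the paths in the usage comment are the ones used in this article.

```shell
#!/bin/sh
# Added example: file-level checks for the links created above.
# Function names are hypothetical; run as root so the key is readable.

# resolves_into LINK DIR: LINK is a symlink ending at a regular file under DIR.
resolves_into() {
    [ -L "$1" ] || return 1
    target=$(readlink -f "$1") || return 1
    base=$(readlink -f "$2") || return 1
    case "$target" in
        "$base"/*) [ -f "$target" ] ;;
        *) return 1 ;;
    esac
}

# pair_matches CERT KEY: the first certificate in CERT (the leaf, for
# fullchain.pem) carries the public key that belongs to KEY.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# valid_for CERT SECONDS: CERT will not have expired SECONDS from now.
valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# check_install CERT_LINK KEY_LINK LE_DIR: run every check, report the first failure.
check_install() {
    resolves_into "$1" "$3" || { echo "FAIL: $1 is not a link into $3"; return 1; }
    resolves_into "$2" "$3" || { echo "FAIL: $2 is not a link into $3"; return 1; }
    pair_matches "$1" "$2" || { echo "FAIL: certificate and key do not match"; return 1; }
    valid_for "$1" 604800 || { echo "FAIL: certificate expires within 7 days"; return 1; }
    echo "OK: $1 and $2 are a valid pair"
}

# Usage on the mail server, with the paths from this article:
#   check_install /etc/ssl/certs/iRedMail.crt /etc/ssl/private/iRedMail.key /etc/letsencrypt
if [ "$#" -eq 3 ]; then
    check_install "$@"
fi
```

A dangling or mistyped link is the usual reason Postfix, Dovecot or Nginx refuses to start after this step, and this check catches it before the restart.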

Automatically renewing the certificate

Install a new crontab entry with the command:

crontab -e

To type anything inside the crontab, press A on your keyboard, and then copy in the following line:

1   3   *   *   *   certbot renew --post-hook '/usr/sbin/service postfix restart; /usr/sbin/service nginx restart; /usr/sbin/service dovecot restart'

After that, close the editor with Esc + :wq

Conclusion

The brand new Let’s Encrypt SSL is ready on your iRedMail server. You can check it by visiting iRedMail admin, Webmail, etc. Also, you will not receive any warning while submitting emails via SMTP or connecting from popular Email clients like Outlook, Thunderbird, etc.

Let me know in the comments how you install SSL on iRedMail.

3 replies
  1. Michael Archer says:

    How about using Cloudflare SSL rather than using Let’s Encrypt? I think it’s better to protect the site via Cloudflare.

    Helpful information btw. Set up my own email server for 20 domains now.
