
Installing an SSL certificate on iRedMail, especially one from Let’s Encrypt, is not so straightforward. Therefore, I had to write an article for it. If you have been following the installation of iRedMail, then you already know I use the iRedMail installer. The steps to install the SSL certificate are as follows.

Requesting a free cert from Let’s Encrypt

First of all, we need to install certbot to get a certificate from Let’s Encrypt.

apt install certbot

Next, verify the request process with a dry run. This will not install the certificate; it only verifies the DNS records.

certbot certonly --webroot --dry-run -w /var/www/html -d mail.inguide.in

Next you will be asked for an email address and to accept the terms of service (ToS). Answer both prompts.

Now if everything went smoothly and you didn’t get any error then run the following command to get the certificate.

certbot certonly --webroot -w /var/www/html -d mail.inguide.in

After successful execution of this command, the SSL certificate files are stored in the directory /etc/letsencrypt/live/mail.inguide.in/

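Now we need to change the permissions of the live and archive directories. A directory needs the execute (search) bit to be entered, so the mode is 0755 rather than 0644; changing the directories does not change the mode of the key file itself.

chmod 0755 /etc/letsencrypt/{live,archive}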

Using the SSL certificate

Now we have the SSL certificate ready to put to use. Run the following commands to back up the existing certificate and private key:

mv /etc/ssl/certs/iRedMail.crt{,.bak}
mv /etc/ssl/private/iRedMail.key{,.bak}

It’s time to create symbolic links to the Let’s Encrypt files or, in simple words, to install the certificate.

ln -s /etc/letsencrypt/live/mail.inguide.in/fullchain.pem /etc/ssl/certs/iRedMail.crt
ln -s /etc/letsencrypt/live/mail.inguide.in/privkey.pem /etc/ssl/private/iRedMail.key

Restart the services with the following commands:

systemctl restart dovecot
systemctl restart postfix
systemctl restart nginx
systemctl restart slapd

Now refresh the page to load the new certificate.

Automatically renewing the certificate

Install new crontab with command:

crontab -e

In order to type anything inside the crontab editor, press A on your keyboard. Then copy the following line:

1   3   *   *   *   certbot renew --post-hook '/usr/sbin/service postfix restart; /usr/sbin/service nginx restart; /usr/sbin/service dovecot restart'

After that, close the editor with Esc followed by :wq

Conclusion

The brand new Let’s Encrypt SSL certificate is ready on your iRedMail server. You can check it by visiting iRedMail admin, webmail, etc. Also, you will not receive any warning while submitting emails via SMTP or connecting from popular email clients like Outlook, Thunderbird, etc.

3 replies
  1. Michael Archer
    Michael Archer says:

    How about using Cloudflare SSL rather than using Let’s Encrypt? I think it’s better to protect the site via Cloudflare.

    Helpful information btw. Set up my own email server for 20 domains now.
