Secure mail using Let's encrypt certificates
You can use Let's encrypt certificates to secure communication with your e-mail server.
After you generate certificate for your mail server:
certbot-auto certonly --apache --non-interactive --agree-tos \ --email me@mydomian -d mail.jaqb.gda.pl
they have to be copied to new location because Postfix/CyrusIMAP cannot read them, the /etc/letsencrypt/live directory can be read only by root.
The solution is simple. I've copied them into /etc/postfix directory and change group to mail:
cp /etc/letsencrypt/live/mail.jaqb.gda.pl/cert.pem \
/etc/postfix/cert.pem
cp /etc/letsencrypt/live/mail.jaqb.gda.pl/privkey.pem \
/etc/postfix/privkey.pem
cp /etc/letsencrypt/live/mail.jaqb.gda.pl/fullchain.pem \
/etc/postfix/fullchain.pem
chgrp mail /etc/postfix/cert.pem /etc/postfix/privkey.pem \
/etc/postfix/fullchain.pem
I've added this commands to /etc/cron.monthly/letsencrypt-auto.bash file (from my last post).
Of course you have to set that appropriate options, at least in /etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem smtpd_tls_key_file = /etc/postfix/privkey.pem smtpd_tls_CAfile = /etc/postfix/fullchain.pem
and in /etc/imapd.conf:
tls_cert_file: /etc/postfix/cert.pem tls_key_file: /etc/postfix/privkey.pem tls_ca_file: /etc/postfix/fullchain.pem
After restart:
/etc/init.d/postfix restart /etc/init.d/cyrus-imapd restart
everything should work. Good luck!
Comments
Log in or create a user account to comment.