How to correctly install SSL on Email using the generated Let's Encrypt certificate?

MaXi32

When generating a certificate via DirectAdmin using Let's Encrypt (mail.domain.com), I saw a cert generated called:

letsencrypt.key

How do I point to this certificate in Dovecot so that it will use Let's Encrypt?

Because Dovecot only takes 2 parameters like below, and I don't see the fullchain.pem and privkey.pem inside the folder:

ssl_cert = </etc/letsencrypt/live/YOURSITE/fullchain.pem
ssl_key = </etc/letsencrypt/live/YOURSITE/privkey.pem

How do I point the certificate in Dovecot to the Let's Encrypt certs?


I'm using CentOS 7
 
I notice that the built-in Let's Encrypt feature in DA combined the cert into one. Is there a way to point that one cert into Dovecot, or is that impossible? Please help.
 
I found on another site that we can manually install the DA Let's Encrypt so that it will generate some certificate files (3 files) that I can point Dovecot to. So I have to disable the built-in Let's Encrypt feature of DA for this, right? The URL:

https://www.interserver.net/tips/kb/letsencrypt-support-directadmin-control-panel/

Is this the best way to separate the certs to be used in Dovecot? Can somebody point me in the right direction? What about the renewal process? Will DirectAdmin handle the cert's renewal process, or do we need to create a cronjob for that? I'm lost.

My aim is just to enable a certificate for mail.domain.com (using Let's Encrypt) so that when I log in using a 3rd-party email client, it will not complain about invalid certs.
 
With recent updates to DA + Let's Encrypt you have a couple of options:

- use Let's Encrypt for your hostname (https, ftp, exim & dovecot) and use that in the mail clients
- use "mail_sni" in directadmin.conf

If you use whichever of these works best for you, Let's Encrypt handles the renewal process if you have letsencrypt=1 in directadmin.conf. All the info is on the forums & the directadmin.com changelog :)
 
Yes, that's the correct one, it works really well :). It's a fairly new feature released back in 1.52: https://forum.directadmin.com/showthread.php?t=55362

To enable mail.* by default when creating a TLS certificate you can also use (examples):

Code:
letsencrypt_list=www:mail:ftp
letsencrypt_list_selected=www:mail

in directadmin.conf
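
An added example, not part of the original posts and not DirectAdmin's own tooling: a small Python audit of directadmin.conf text for the settings named in this thread. The sample configs are constructed, `audit_mail_tls` and its helpers are hypothetical names, and treating `mail_sni=1` as the enabled value and the last duplicate key as the winner are assumptions.

```python
GOOD = """\
# constructed sample
letsencrypt=1
mail_sni=1
letsencrypt_list=www:mail:ftp
letsencrypt_list_selected=www:mail
"""
BAD = """\
# constructed sample
letsencrypt = 0
letsencrypt_list=www:ftp
letsencrypt_list_selected=www:mail
"""

def parse_conf(text):
    """Parse key=value lines; '#' comments and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()  # assumption: last occurrence wins
    return conf

def names(conf, key):
    # Colon-separated subdomain list, e.g. "www:mail:ftp" -> ["www", "mail", "ftp"]
    return [n for n in conf.get(key, "").split(":") if n]

def audit_mail_tls(text):
    """Return (key, message) findings; an empty list means nothing to fix."""
    conf = parse_conf(text)
    findings = []
    if conf.get("letsencrypt") != "1":
        findings.append(("letsencrypt", "not 1: renewal is not handled for you"))
    if conf.get("mail_sni") != "1":  # assumption: 1 is the enabled value
        findings.append(("mail_sni", "not 1: only the hostname certificate option applies"))
    offered = names(conf, "letsencrypt_list")
    selected = names(conf, "letsencrypt_list_selected")
    # The two list keys are optional, so they are only checked when present.
    if "letsencrypt_list" in conf and "mail" not in offered:
        findings.append(("letsencrypt_list", "mail is not offered for new certificates"))
    if "letsencrypt_list_selected" in conf and "mail" not in selected:
        findings.append(("letsencrypt_list_selected", "mail is not preselected"))
    extra = [n for n in selected if offered and n not in offered]
    if extra:
        findings.append(("letsencrypt_list_selected", "selected but not offered: " + ":".join(extra)))
    return findings

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_mail_tls(text) or "ok")
```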
 