Letsencrypt

hci

Verified User
Joined
Jun 15, 2004
Messages
330
Does anyone have a step by step for getting Letsencrypt to work? Would like to use it for webmail and email(smtp,pop3,imap).

Have tried following this on a fresh Directadmin install.

https://www.directadmin.com/features.php?id=1828

nano /usr/local/directadmin/conf/directadmin.conf
Added: letsencrypt=1

./build update
./build letsencrypt
./build rewrite_confs
systemctl restart directadmin.service
systemctl restart httpd

I enable SSL in DA GUI. I then created my Letsencrypt Certificate in the GUI and I get this.


Certificate for **************.com has been created successfully!

NOTE: You are using the server IP, so your certificate and key have been saved to:
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key
NOTE: You are using the server IP, so your CA Root Certificate has been saved to:
/etc/httpd/conf/ssl.crt/server.ca


Looking at /etc/httpd/conf/ssl.crt/server.crt and others with "ls -la" they are weeks or more old and the certificate does not work when I use https in webrowser.

Any ideas?
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
The certificate issued for LetsEncrypt from DA should be saved in /usr/local/direcetadmin/data/users/USERNAME/domains/DOMAIN.cert.combined , not at server level.

Best regards
 

hci

Verified User
Joined
Jun 15, 2004
Messages
330
I think the problem was I was trying to create it for the admin account at the user level. This is on a fresh install on Centos 7.

I had to put one of my users on there own IP to make this work. I created certificates for ********.com, www.********.com and mail.**********.com. After restarting httpd it seems to work fine for https web access.

But now how do I make it work for IMAP, POP3 and SMTP? I have users say there smartphones complain about unsigned certificates etc. I want them all to use mail.*********.com and have encrypted email access.
 
Top