Let's Encrypt TLS set up
02-03-2018, 09:34 PM
(This post was last modified: 02-04-2018, 05:05 PM by CMs222.)
Happy Weekend to ALL.
Let me start by saying thanks for all the hard work you guys/girls put into Sentora.
I've spent the last 2 days wading through endless posts & threads
all asking the same question with different answers.
Could not find a straightforward guide...
I have also done hundreds of searches on the forum for the simple answer..
This is what I've done so far:
1. used this thread http://forums.sentora.org/showthread.php?tid=2535
(Secure Sentora Domains with Let's Encrypt)
to get cert for mail.domain.tld
2. used this thread http://forums.sentora.org/showthread.php?tid=46
(Ubuntu: How to setup TLS on postfix and dovecot)
started at no. 3
Code:
nano /etc/postfix/main.cf
4: find # tls config and added
smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.tld/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.tld/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.domain.tld/fullchain.pem
and removed what was there before
------------------------------------------------
5: edit master.cf (did what the guide said)
------------------------------------------------
6: configure Dovecot
Code:
nano /etc/dovecot/dovecot.conf
and changed
Code:
ssl = no to ssl = yes
and added this below it:
ssl_key = </etc/letsencrypt/live/mail.domain.tld/privkey.pem
ssl_cert = </etc/letsencrypt/live/mail.domain.tld/cert.pem
ssl_ca = </etc/letsencrypt/live/mail.domain.tld/fullchain.pem
Code:
service postfix restart
service dovecot restart
CHECKED at
http://www.checktls.com/perl/TestReceiver.pl
EVERYTHING Green OK
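
Added example, not part of the original post: a small Python check that parses main.cf-style text and resolves the effective inbound (smtpd) and outbound (smtp) TLS levels from the settings listed above. `SAMPLE_MAIN_CF` is a constructed sample and `review` is a hypothetical helper; on a live server the same values can be read with `postconf -n`.

```python
# Added example (not from the original post): effective Postfix TLS levels.
# SAMPLE_MAIN_CF is a constructed sample built from the settings in the post.
SAMPLE_MAIN_CF = """\
# tls config
smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.tld/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.tld/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.domain.tld/fullchain.pem
"""

def parse_main_cf(text):
    """main.cf syntax: '#' comment lines, 'name = value', and lines starting
    with whitespace continue the previous value. The last definition wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def effective_level(params, side):
    """side: 'smtpd' (inbound server) or 'smtp' (outbound client).
    A non-empty *_tls_security_level overrides the obsolete *_use_tls.
    Assumption: nothing set means TLS off; *_enforce_tls is not modeled."""
    level = params.get(f"{side}_tls_security_level", "")
    if level:
        return level
    return "may" if params.get(f"{side}_use_tls", "no") == "yes" else "none"

def review(params):
    """Return readable findings for the TLS settings (hypothetical helper)."""
    findings = []
    for side, role in (("smtpd", "inbound"), ("smtp", "outbound")):
        level = effective_level(params, side)
        if level == "none":
            findings.append(f"{role}: TLS off, mail crosses the wire in cleartext")
        elif level == "may":
            findings.append(f"{role}: opportunistic TLS, cleartext fallback allowed")
        if f"{side}_use_tls" in params:
            findings.append(f"{side}_use_tls is obsolete; use {side}_tls_security_level")
    return findings
```

For the settings in the post this reports opportunistic TLS inbound and no TLS outbound, because `smtp_use_tls = no` applies to the Postfix SMTP client and no `smtp_tls_security_level` is set.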