Certbot centos7 apache dovecot postfix

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: graduadosuba.org // mail.graduadosuba.org

I ran this command: None I’m thinking

It produced this output: none I’m thinking

My web server is (include version): VPS I have full access //CentOS Linux 7.8.2003//Apache 2.4.6//Postfix 2.10.1//Dovecot IMAP/POP3 Server 2.2.36

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 1.942//Usermin 1.791//Virtualmin 6 09

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.5.0

I did a fresh install from scratch. I was reading.
I cannot understand how I can generate a single certificate for apache and smtp.

1 Like

It is possible.
You can use HTTP authentication for both names.
I see both names resolve to the same IP (this simplifies things):

Name:    mail.graduadosuba.org
Address:  178.238.230.185

Name:    graduadosuba.org
Address:  178.238.230.185

If not already configured, you will need (at least) to setup a minimal HTTP vhost config for each name.
In there, you can process the HTTP authentication requests for each and also redirect all other requests to HTTPS.

You can issue individual certs for each name or one cert that contains both names (your choice - either one will work).

[I will skip the normal HTTPS implementation for web services - there are plenty of online docs for that.]

Once you have a cert that covers the name used by Dovecot/Postfix, you simply need to understand where and how Dovecot/Postfix use certificates.
Here are some starting points for that:
https://wiki.dovecot.org/SSL/DovecotConfiguration
http://www.postfix.org/TLS_README.html
From there you can move to automating the certificate renewal process to include restarting Dovecot/Postfix after each successful renewal.

1 Like