Certbot centos7 apache dovecot postfix

mavizoso · June 30, 2020, 12:57am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: graduadosuba.org // mail.graduadosuba.org

I ran this command: None I’m thinking

It produced this output: none I’m thinking

My web server is (include version): VPS I have full access //CentOS Linux 7.8.2003//Apache 2.4.6//Postfix 2.10.1//Dovecot IMAP/POP3 Server 2.2.36

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 1.942//Usermin 1.791//Virtualmin 6 09

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.5.0

I did a fresh install from scratch. I was reading.
I cannot understand how I can generate a single certificate for apache and smtp.

rg305 · June 30, 2020, 5:31am

It is possible.
You can use HTTP authentication for both names.
I see both names resolve to the same IP (this simplifies things):

Name:    mail.graduadosuba.org
Address:  178.238.230.185

Name:    graduadosuba.org
Address:  178.238.230.185

If not already configured, you will need (at least) to setup a minimal HTTP vhost config for each name.
In there, you can process the HTTP authentication requests for each and also redirect all other requests to HTTPS.

You can issue individual certs for each name or one cert that contains both names (your choice - either one will work).

[I will skip the normal HTTPS implementation for web services - there are plenty of online docs for that.]

Once you have a cert that covers the name used by Dovecot/Postfix, you simply need to understand where and how Dovecot/Postfix use certificates.
Here are some starting points for that:
https://wiki.dovecot.org/SSL/DovecotConfiguration
http://www.postfix.org/TLS_README.html
From there you can move to automating the certificate renewal process to include restarting Dovecot/Postfix after each successful renewal.

system · July 30, 2020, 5:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Attempt two, use certbot to install certificates Help	3	759	March 12, 2020
A serious problem with certbot on centos 7 Help	26	3619	February 19, 2019
Certification files locations when certbot tell me that there are no certs intalled Help	3	557	March 9, 2020
Certbot not working with the new way that centos 7 handles vhosts Help	10	815	August 19, 2019
Certbot with Bitnami Apache Help	3	1221	April 13, 2019

Certbot centos7 apache dovecot postfix

Related topics