Certbot for CentOS 8

Kellian · October 13, 2019, 1:02am

I am just wondering if Certbot is a work in progress for CentOS 8? And if it is, is there an ETA?

_az · October 13, 2019, 1:05am

Yes, the official instructions are to use certbot-auto: https://certbot.eff.org/lets-encrypt/centosrhel8-other

Kellian · October 13, 2019, 1:20am

Thank you for the quick reply.

Kellian · October 13, 2019, 2:22am

Now that will let me set my Apache cert but what about for my email server? I am using postfix and dovecot for my email server. Is it done the same way? or do I just use the same cert? In the past I just created one for Apache and then one for my email using www.example.com for apache and mail.example.com for my email.

_az · October 13, 2019, 8:41pm

Assuming mail.example.com is on the same server as www.example.com, you could create a dummy virtualhost in Apache that responds to mail.example.com:

<VirtualHost *:80>
  ServerName mail.example.com
</VirtualHost>

and issue a separate certificate for it:

certbot certonly -d mail.example.com -a apache \
--deploy-hook "service postfix reload; service dovecot reload"

Certbot doesn’t know how to configure Postfix and Dovecot with the new certificate, so you’ll need to do that part on your own. https://ssl-config.mozilla.org can propose configuration for both Postfix and Dovecot.

Just substitute the file paths:

Mozilla SSL Config Path	Certbot Path
`/path/to/signed_cert_plus_intermediates`	`/etc/letsencrypt/live/mail.example.com/fullchain.pem`
`/path/to/private_key`	`/etc/letsencrypt/live/mail.example.com/privkey.pem`

schoen · October 14, 2019, 3:43am

Why do these two services want different verbs here? I suppose the dovecot service as packaged by the operating system lacks a concept of reloading?

_az · October 14, 2019, 4:19am

I couldn’t find a quick answer to whether Dovecot reloads the certificate by SIGHUP or not. I’ve tested now - it does.

Kellian · October 14, 2019, 10:06pm

I will not be needing a VirtualHost for the email server. The mail.example.com will be used strictly for the email server. As for the www.example.com will be strictly for when I set up web mail.

Kellian · October 14, 2019, 10:11pm

@schoen Unfortunately when I set up CentOS 8 on my system I did a minimal install, which did not include Dovecot, so I had to install Dovecot after setting up the OS.

_az · October 14, 2019, 10:13pm

The purpose of the virtualhost is so that you can acquire a certificate for that domain using HTTP validation.

Otherwise, you don't have a way to authenticate your control of mail.example.com.

Kellian · October 14, 2019, 10:29pm

Okay now I understand. I will just add that line to my already existing VirtualHost.

system · November 13, 2019, 10:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.