I am just wondering if Certbot is a work in progress for CentOS 8? And if it is, is there an ETA?
Yes, the official instructions are to use certbot-auto: https://certbot.eff.org/lets-encrypt/centosrhel8-other
Thank you for the quick reply.
Now that will let me set my Apache cert but what about for my email server? I am using postfix and dovecot for my email server. Is it done the same way? or do I just use the same cert? In the past I just created one for Apache and then one for my email using www.example.com for apache and mail.example.com for my email.
mail.example.com is on the same server as
www.example.com, you could create a dummy virtualhost in Apache that responds to
<VirtualHost *:80> ServerName mail.example.com </VirtualHost>
and issue a separate certificate for it:
certbot certonly -d mail.example.com -a apache \ --deploy-hook "service postfix reload; service dovecot reload"
Certbot doesn’t know how to configure Postfix and Dovecot with the new certificate, so you’ll need to do that part on your own. https://ssl-config.mozilla.org can propose configuration for both Postfix and Dovecot.
Just substitute the file paths:
|Mozilla SSL Config Path||Certbot Path|
Why do these two services want different verbs here? I suppose the
dovecot service as packaged by the operating system lacks a concept of reloading?
I couldn’t find a quick answer to whether Dovecot reloads the certificate by SIGHUP or not. I’ve tested now - it does.
@schoen Unfortunately when I set up CentOS 8 on my system I did a minimal install, which did not include Dovecot, so I had to install Dovecot after setting up the OS.
The purpose of the virtualhost is so that you can acquire a certificate for that domain using HTTP validation.
Otherwise, you don’t have a way to authenticate your control of
Okay now I understand. I will just add that line to my already existing VirtualHost.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.