Certbot for CentOS 8

I am just wondering if Certbot is a work in progress for CentOS 8? And if it is, is there an ETA?

Yes, the official instructions are to use certbot-auto: https://certbot.eff.org/lets-encrypt/centosrhel8-other

Thank you for the quick reply.

Now that will let me set my Apache cert, but what about for my email server? I am using Postfix and Dovecot for my email server. Is it done the same way, or do I just use the same cert? In the past I just created one for Apache and then one for my email, using www.example.com for Apache and mail.example.com for my email.

Assuming mail.example.com is on the same server as www.example.com, you could create a dummy virtualhost in Apache that responds to mail.example.com:

<VirtualHost *:80>
  ServerName mail.example.com
</VirtualHost>

and issue a separate certificate for it:

certbot certonly -d mail.example.com -a apache \
--deploy-hook "service postfix reload; service dovecot reload"

Certbot doesn’t know how to configure Postfix and Dovecot with the new certificate, so you’ll need to do that part on your own. https://ssl-config.mozilla.org can propose configuration for both Postfix and Dovecot.

Just substitute the file paths:

Mozilla SSL Config Path                    Certbot Path
/path/to/signed_cert_plus_intermediates    /etc/letsencrypt/live/mail.example.com/fullchain.pem
/path/to/private_key                       /etc/letsencrypt/live/mail.example.com/privkey.pem
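
A deploy hook script for the certificate issued above, as an added example that is not part of the original posts: it confirms the renewed lineage covers mail.example.com and that fullchain.pem and privkey.pem belong together before reloading Postfix and Dovecot. RENEWED_LINEAGE and RENEWED_DOMAINS are the variables certbot sets for deploy hooks; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): deploy hook for the mail certificate.
# Certbot exports RENEWED_LINEAGE (the live/<name> directory) and
# RENEWED_DOMAINS (space-separated names) when it runs a deploy hook.

MAIL_DOMAIN="mail.example.com"   # hostname used in the thread

# Succeeds if the space-separated list $1 contains the exact name $2.
covers_domain() {
    for name in $1; do
        [ "$name" = "$2" ] && return 0
    done
    return 1
}

# Succeeds if the leaf certificate in $1 and the private key in $2
# carry the same public key. Unreadable or missing files count as a mismatch.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

run_hook() {
    # Ignore renewals of other certificates (e.g. the web server's).
    covers_domain "$RENEWED_DOMAINS" "$MAIL_DOMAIN" || return 0
    cert="$RENEWED_LINEAGE/fullchain.pem"
    key="$RENEWED_LINEAGE/privkey.pem"
    if ! key_matches_cert "$cert" "$key"; then
        echo "deploy hook: $cert and $key do not match, not reloading" >&2
        return 1
    fi
    # Same reload commands as the inline hook in the post above.
    service postfix reload && service dovecot reload
}

# Only act when certbot invoked this script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    run_hook
fi
```

Saved as an executable file, the script can be passed to --deploy-hook in place of the inline reload commands; a non-zero exit is reported by certbot as a hook failure.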

Why do these two services want different verbs here? I suppose the dovecot service as packaged by the operating system lacks a concept of reloading?

I couldn’t find a quick answer to whether Dovecot reloads the certificate by SIGHUP or not. I’ve tested now - it does.

I will not be needing a VirtualHost for the email server. mail.example.com will be used strictly for the email server. As for www.example.com, it will be used strictly for when I set up web mail.

@schoen Unfortunately when I set up CentOS 8 on my system I did a minimal install, which did not include Dovecot, so I had to install Dovecot after setting up the OS.

The purpose of the virtualhost is so that you can acquire a certificate for that domain using HTTP validation.

Otherwise, you don't have a way to authenticate your control of mail.example.com.

Okay now I understand. I will just add that line to my already existing VirtualHost.
