Oke, I am trying to generate a certificate for my mail.mydomain.nl email (dovecot and postfix) server.
I took some time to find that the command ./letsencrypt certonly … does not work. Use always ./letsencrypt-auto certonly … .
I have access to my webserver as root and used the command:
/opt/letsencrypt# sudo ./letsencrypt-auto certonly --webroot -w /var/www/html/mydomain.nl -d mail.mydomain.nl
The response is:
Checking for new version…
Requesting root privileges to run letsencrypt…
/root/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/mydomain.nl -d mail.mydomain.nl
Failed authorization procedure. mail.mydomain.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.mydomain.nl/.well-known/acme-challenge/0il40p8ufdlJ08H-6CX5-BJKcXdo7I-V-iUAQma2Fjo [46.xxx.xxx.xxx]: 404
The following errors were reported by the server:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Which is correct, because the domain mail.mydomain.nl is no webserver, but a mail server. A mail server has a MX record and No DNS A record.
So, now I am lost. The point of getting a certificate only, is to use the certificate elsewhere, isn’t it. Is it posible to get a mail cdrtificate at all? I am a little bit confused.
How can I get a certificate for mail.mydomain.nl?