Certificat for mail server

Hi,

I am running 2 debian machines, one as a mail server and one as a web server.
Certs work fine for my web server, because its has port 80 and 443 forwarded to it. The problem is when I make certificates for my mail server.

I use SSL encryption for my mail server, but I cant make a certificate with certbot because it needs to check it by using a web server.

I was wondering how I could fix this. If you need any information let me know.

[INFO]

Domain: hedium.nl / mail.hedium.nl
Certbot Version: 0.10.2
Mail server is postfix with dovecot.

Two options:

• get the cert on the webserver and transfer it somehow securely to your mailserver (e.g. with scp)
• use certbot on the mailserver with the DNS challenge. For automated renewal it would require a DNS provider with an API.
• use certbot on the mailserver with your webserver configured as a reverse proxy for the hostname of your mailserver, assuming it has it’s own distinct FQDN. Otherwise you could have used a cert of the webserver in the first place.

Also, you could run Certbot on the mail server using --standalone (if there’s nothing listening on port 80 there).

Seeing the use of "forwarded", I assume both servers are behind some kind of NAT device, sharing a single public IP address.?

By the way, if using the reverse proxy trick, using standalone would be very useful on the mailserver too!

Hi, I was also thinking about transferring the ssl file from my web server. Going to try this out.

And yeah, I only have one IP address.

Ok, I got the cert moved with a script. Works great.

Do I need to reload postfix and dovecot every time I update the cert?

Yes. Just reloading is fine, no restart required.

alright thanks for all the help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.