I run an unmanaged centos server and have recently updated all domains to https:// with no real problems but in the process I found odd links to an expired certificate that was on the server when I leased it that has stumped me!
Letencrypt provides 4 x .pem files that work but Dovecot seems to use .key and .crt files.
As this is all new to me even for a command line user, help please.
The server is server.watchet.net but the original stuff was under watchetwebdesign.co.uk but works on Dovecot without error. Maybe I am missing something obvious…
Hi lots of work later, sorted out most of the Dovecot cert stuff. had to delete a load of old certificates installed by the server provider, then got a cert for server.watchet.net and then changed the dovecot config files (was confused over .pem and .key and didn’t realise dovecot would accept any suffix providing it was a key.
Great BUT (always one of them!) the mailboxes are just users on the server without and mail is collected using the IP address not the server address (although the same) in this case if the IP is used client comes up with a cert/server mismatch. If say fred@server.watchet.net is used instead of fred@ IP then mail is fetched ssl with no problem,. It will take a while for my clients to use this if they have to, so would prefer to get a certifcate for the IP instead (it is permantly allocated to us) but 2 hours on the net have produced conflicting reports to say the least.
So, will letsencrypt give am IP server cert or do i have to go to a paid organisation?
Thanks for comments, just a pain to get everyone to change their email client - in otherwords I have to
visit a lot of my customers to show them how. Just using the IP is so much easier for customers than changing everything I set up…oh well if has to be done, has to be done! server.watchet.net is long!
Will try with some of the other virtual hosts as have a simpler jr-mail.co.uk domain.
Will keep looking for commercial idea as have to now set up sendmail to use TLS/SSL - more learning!
John