Generating certificates for mail servers


#1

Can Let’s Encrypt be use to generate certificates for use with email servers? In my particular case, I would like to improve upon the certificates I generate with TinyCA2 and use with Dovecot. These certificates allow my mail clients to securely connect to the mail server running imaps.

Thanks!


#2

Yes, any kind of TLS server would be fine. Solving the ACME challenge currently requires spinning up at least a temporary web server on port 80 or 443. In the future, verification via DNS will be an option too.


#3

Note that you don’t need to actually set up a full web server if you don’t want. There’s a built-in “standalone” option in the official client that will work fine. All you need to do is make sure that port 80 isn’t blocked so the verification can complete.