My host provider (MochaHost) insists that Let's Encrypt does not work with mail servers, to send/receive emails using SSL encryption. He's telling me to buy a paid certificate.
Is that true?
Is there a step by step guide about configuring Let's Encrypt to use on a mail server?
Thank you so much in advance.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:microsafe.com.br
I ran this command:
It produced this output:
My web server is (include version):IIS 8.0
The operating system my web server runs on is (include version):Windows Server 2012
My hosting provider, if applicable, is:mochahost.com
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):SolidCP
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):don't know
Any SSL/TLS certificate, including one issued by Let's Encrypt, can be used to secure email communications. How to do so depends upon the mail server software being used. As this process is not at all specific to Let's Encrypt certificates, I encourage you to search for the documentation for your mail server software, which might be found in the SolidCP documentation.
Outbound emails might be limited by the SPF record. But aren't required to be listed anywhere.
So he may be able to use this system for outbound emailing.
[In order to be included in the inbound emails, then an MX record (and cost) would have to be added]
What MochaHost says is that they tried to attribute Let's Encrypt to the SmarterMail server using the SolidCP tool for that, and it didn't work. They want me to buy a SSL certificate, saying that would work. I don't understand the difference.
I found a tutorial about integrating Let's Encrypt with SmarterMail, but it uses a different tool than the one Mocha authorizes to use. So I'm stuck on that. If I use the tool on the SmarterMail tutorial, they wave themselves of all the responsibilty for that, in the case of a crash or worse.
There are two popular and well documented Windows ACME clients (that I can think of).
If that guide doesn't solve your problem, I would try using PoshACME.
They should be able to integrate a certificate from Let's Encrypt just as easily as they could one from any other CA. (Let's Encrypt encourages automation more than other CAs do with the 90-day-only certificates, but from a technical perspective it works the same way as any other certificate.)
