We are trying to get dovecot mailserver running under SSL using the certbot cert for the site:
We have a composite LE cert that includes four https vhosts plus the mail vhost. All five sites get an “A” from Qualys.
The mail server has its own vhost mail.privustech.com and comprises dovecot and postfix on the host server (hostname lavarre) as well as the vhost at /srv/www/htdocs/mailprivustech. The vhost is accessible by wwwrun:www and readable at
However, we have determined that ordinary web certificates from letsencrypt.org cannot be used with mailservers:
Email encryption and code signing require a different type of certificate.
So we now try to obtain a standalone cert for the mail server.
```
certbot certonly --webroot -w /srv/www/htdocs/mailprivustech -d mail.privustech.com
```
We use the staging version for testing:
```
certbot certonly --staging --webroot -w /srv/www/htdocs/mailprivustech -d mail.privustech.com
```
It fails with **The client lacks sufficient authorization**,
although certbot has root privileges:
```
-rwxr-xr-x 1 root root 384 Jan 12 08:54 /usr/bin/certbot
```
and the webroot is world-readable by wwwrun:www
We also tried `--webroot-path` /srv/www/htdocs, /srv/www, and /var/www.
listen 80 and
listen 993 is commented out, since if apache listens on 993 then dovecot fails.
Any clues would be gratefully accepted.
Thanks in advance, Andy
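Added example, not part of the original post: in `--webroot` mode the CA validates the name by fetching a file from `http://<domain>/.well-known/acme-challenge/` on port 80, so two things worth checking are that every directory above the webroot can be traversed by the web server and that a file placed there is actually served. The function names and the probe file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks for certbot --webroot (not from the post).

# Walk from directory $1 up to $2 (default /) and report every directory
# without the world-execute bit. Checking only the "other" bits is an
# assumption: a conservative stand-in for "the web server user can get in".
check_traversable() {
    dir=$1; stop=${2:-/}; bad=0
    while :; do
        mode=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
        case $mode in
            d????????[xt]) ;;
            *) echo "not world-traversable: $mode $dir"; bad=1 ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $bad
}

# Put a probe file where challenge files go and fetch it over plain HTTP on
# port 80. The probe name is constructed here; it is not an ACME token.
probe_http() {
    webroot=$1; host=$2
    token="probe-$$"
    cdir="$webroot/.well-known/acme-challenge"
    mkdir -p "$cdir" || return 2
    echo "$token" > "$cdir/$token" || return 2
    body=$(curl -s --max-time 10 "http://$host/.well-known/acme-challenge/$token")
    rm -f "$cdir/$token"
    [ "$body" = "$token" ]
}

# Usage with the values from the post:
#   check_traversable /srv/www/htdocs/mailprivustech
#   probe_http /srv/www/htdocs/mailprivustech mail.privustech.com && echo served
```

If `probe_http` fails while `check_traversable` passes, the vhost answering on port 80 for that name is not serving the directory given to `-w`.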