How to use Let's Encrypt certificates with Postfix/Dovecot software

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Question:
I was wondering how I configure my email server to use the Let’s Encrypt for outgoing emails so they can be encrypted and so that other email services can validate that those emails are coming from my server.

My domain is:
pimail.email

My web server is (include version):
Apache 2 (web), Postfix/Dovecot (email) and Rainloop (webmail - hosted using Apache)

The operating system my web server runs on is (include version):
Raspbian on Raspberry Pi 2 (Based on Debian 9)

My hosting provider, if applicable, is:
N/A - Self hosted

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 0.28.0

Hi @Windows10User

that shouldn’t be difficult.

Your domain already has a certificate. So you know the location of the certificate files (key and certificate).

So use these paths + files in your Postfix/Dovecot config files.

In /etc/dovecot/conf.d/10-ssl.conf add:

ssl_cert = </etc/path/to/your/cert.pem
ssl_key = </etc/path/to/your/key.pem

Read also https://wiki.dovecot.org/SSL/DovecotConfiguration

In /etc/postfix/main.cf add:

smtpd_tls_cert_file = /etc/path/to/your/cert.pem
smtpd_tls_key_file = /etc/path/to/your/key.pem

Read also http://www.postfix.org/TLS_README.html

2 Likes
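
A pre-restart check for the four settings in the answer above, as an added example that is not part of the original posts. It flags a Dovecot value missing the `<` that makes Dovecot read the file, a Postfix value that has one, and a key file whose mode grants group/other access. It assumes the plain `name = value` form shown above (no Postfix continuation lines); the function names and sample paths are constructed for illustration.

```python
import os
import stat

POSTFIX_KEYS = ("smtpd_tls_cert_file", "smtpd_tls_key_file")  # main.cf
DOVECOT_KEYS = ("ssl_cert", "ssl_key")                        # 10-ssl.conf

def parse_settings(text):
    """Return {name: value} from 'name = value' lines; later lines override."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            settings[name.strip()] = value.strip()
    return settings

def key_file_problem(path):
    """Return a finding if the key is missing or its mode grants group/other access."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return f"{path}: key file missing or unreadable by this user"
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return f"{path}: mode {stat.filemode(mode)} grants group/other access"
    return None

def lint(postfix_text, dovecot_text):
    """Check the four TLS settings from the answer; return a list of findings."""
    pf, dc = parse_settings(postfix_text), parse_settings(dovecot_text)
    findings = []
    for key in POSTFIX_KEYS:
        value = pf.get(key, "")
        if not value:
            findings.append(f"postfix: {key} is not set")
        elif value.startswith("<"):
            findings.append(f"postfix: {key} takes a plain path, remove '<'")
    for key in DOVECOT_KEYS:
        value = dc.get(key, "")
        if not value:
            findings.append(f"dovecot: {key} is not set")
        elif not value.startswith("<"):
            findings.append(f"dovecot: {key} needs '<' before the path")
    key_paths = {pf.get("smtpd_tls_key_file", "").lstrip("< "),
                 dc.get("ssl_key", "").lstrip("< ")}
    findings += [key_file_problem(p) for p in sorted(key_paths) if p]
    return [f for f in findings if f]

if __name__ == "__main__":
    # Constructed sample: the Dovecot key line is missing its '<'.
    postfix = "smtpd_tls_cert_file = /etc/path/to/your/cert.pem\nsmtpd_tls_key_file = /etc/path/to/your/key.pem\n"
    dovecot = "ssl_cert = </etc/path/to/your/cert.pem\nssl_key = /etc/path/to/your/key.pem\n"
    print("\n".join(lint(postfix, dovecot)))
```

Run it as the user that can read the key directory; an empty result means the four settings are present, correctly prefixed, and the key file mode is restricted to its owner.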

… and don’t forget to restart both services.

1 Like

Thanks, I was also wondering, since I’ve also used certbot with pimail.email and not www.pimail.email or mail.pimail.email, do I need to extend the certificates to include them? And if so how do I do it?
