How to use LetsEncrypt for a mail-only server?


#1

I’m standing up a single-purpose mail server. Yes, I’m a glutton for punishment, but I would benefit from the experience.

Is it possible to use LetsEncrypt for such a purpose – without have a web server? I guess the verification check would need to talk back over 443? And would the same be necessary for renewing?

So this leads me to think…what if I stood up Apache or Nginx, only opened port 443, and then only allowed connections from the LetsEncrypt IPs? Would that work?


#2

Verification can be done through the http-01 challenge (TCP port 80), tls-sni-01 challenge (TCP port 443) or the dns-01 challenge (well, DNS…).

The EFF client certbot can function as a temporary webserver with the standalone plugin. See the documentation for more info: https://certbot.eff.org/docs/using.html#standalone


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.