How to use LetsEncrypt for a mail-only server?

74rku5 · March 22, 2017, 8:18pm

I’m standing up a single-purpose mail server. Yes, I’m a glutton for punishment, but I would benefit from the experience.

Is it possible to use LetsEncrypt for such a purpose – without have a web server? I guess the verification check would need to talk back over 443? And would the same be necessary for renewing?

So this leads me to think…what if I stood up Apache or Nginx, only opened port 443, and then only allowed connections from the LetsEncrypt IPs? Would that work?

Osiris · March 22, 2017, 8:56pm

Verification can be done through the http-01 challenge (TCP port 80), tls-sni-01 challenge (TCP port 443) or the dns-01 challenge (well, DNS…).

The EFF client certbot can function as a temporary webserver with the standalone plugin. See the documentation for more info: https://certbot.eff.org/docs/using.html#standalone

system · April 21, 2017, 8:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mail.example.org on different servers	1	1595	March 15, 2016
Certs for Mailserver different from Webserver Help	6	4683	May 19, 2017
Secure mail, FTP servers Server	15	10881	November 23, 2016
How can I get certificate if I have no control over a website? Help	4	1105	August 1, 2017
Letsencrypt renewals for separate server Issuance Tech	3	2246	July 24, 2016

How to use LetsEncrypt for a mail-only server?

Related topics