Installing Postfix with Let's Encrypt certificate using Certbot (RHEL7)


#1

Please read the full howto at: https://pastebin.com/embed/TqLCQRNB

Note: Replace ite.lat with your own domain, and the private and public IPs with your own.

$ sudo yum-config-manager --enable rhui-REGION-rhel-server-extras
$ sudo yum-config-manager --enable rhui-REGION-rhel-server-optional
$ sudo yum repolist all
$ wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo rpm -Uvh epel-release-latest-7*.rpm
$ sudo yum install python-certbot-apache
$ sudo certbot --apache

  • Your certificate and chain have been saved at /etc/letsencrypt/live/
  • Let's Encrypt certificates expire 90 days after they were issued.
  • To obtain a new or tweaked version of this certificate in the future,
    simply run certbot again with => certbot --apache certonly
  • To non-interactively renew all of your certificates,
    run with => certbot renew --dry-run
  • If that appears to be working correctly, you can arrange for automatic renewal
    by adding a cron or systemd job which runs the
    following => certbot renew --quiet

Install Postfix

$ sudo yum install postfix
$ sudo vi /etc/postfix/main.cf
- myhostname = host2.ite.lat
- mydomain = ite.lat
- myorigin = $mydomain
- inet_interfaces = $myhostname, localhost
- mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, web.$mydomain
- mynetworks = 127.0.0.0/8, 172.31.42.125, 52.43.65.253, 192.100.230.21
- smtpd_banner = host ESMTP Sendmail 2.1
- smtpd_use_tls= yes
- smtp_use_tls = yes
- tls_preempt_cipherlist = yes
- smtpd_tls_security_level = may
- smtpd_tls_auth_only = yes
- smtpd_tls_cert_file=/etc/letsencrypt/live/web.ite.lat/fullchain.pem
- smtpd_tls_key_file=/etc/letsencrypt/live/web.ite.lat/privkey.pem
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
- smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
- smtpd_tls_ciphers = high
- smtpd_tls_mandatory_ciphers = high
- smtp_tls_ciphers = high
- smtp_tls_mandatory_ciphers = high
- tls_high_cipherlist = ECDH+aRSA+AES256:ECDH+aRSA+AES128:AES256-SHA:AES128+EECDH:AES128+EDH

$ sudo postfix stop
$ sudo postfix start
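
An added example, not part of the original post: a shell function that audits `name = value` lines (the format `postconf` prints) against the server-side TLS settings listed above. The function name `audit_postfix_tls`, its messages and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Reads "name = value" lines on stdin; prints one FAIL line per finding.
# Returns 0 when every check passes, 1 otherwise. Only the "!protocol"
# exclusion syntax used in the post is understood.
audit_postfix_tls() {
    awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    function excludes(param, proto,    n, i, tok) {
        # Protocol lists may be separated by whitespace, commas or colons.
        n = split(conf[param], tok, /[ ,:]+/)
        for (i = 1; i <= n; i++) if (tok[i] == "!" proto) return 1
        return 0
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[name] = val
    }
    END {
        if (conf["smtpd_tls_cert_file"] == "") fail("smtpd_tls_cert_file is not set")
        if (conf["smtpd_tls_key_file"] == "") fail("smtpd_tls_key_file is not set")
        lvl = conf["smtpd_tls_security_level"]
        if (lvl != "may" && lvl != "encrypt")
            fail("smtpd_tls_security_level is \"" lvl "\", expected may or encrypt")
        if (conf["smtpd_tls_auth_only"] != "yes")
            fail("smtpd_tls_auth_only is not yes")
        np = split("smtpd_tls_protocols smtpd_tls_mandatory_protocols", params, " ")
        nv = split("SSLv2 SSLv3 TLSv1 TLSv1.1", protos, " ")
        for (p = 1; p <= np; p++)
            for (v = 1; v <= nv; v++)
                if (!excludes(params[p], protos[v]))
                    fail(params[p] " still allows " protos[v])
        if (!bad) print "OK: server-side TLS settings match the post"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample input (not from a real host): TLSv1 is not excluded
# in smtpd_tls_protocols, so exactly one FAIL line is printed.
audit_postfix_tls <<'EOF' || true
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.test/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.test/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1.1
EOF
```

On a live host, pipe the running configuration into it with `postconf | audit_postfix_tls`.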

