Is there a way to leverage LE to secure SMTP without having a web server?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bkvi.net

I ran this command:

It produced this output:

My web server is (include version): No web server available

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Networksolutions to host DNS; Local server mail.bkvi.net to host mail/SMTP/IMAP

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Haven't set up certbot yet.

2 Likes

Using HTTP is the most straightforward way to do the authentication part of getting a certificate.

(DNS and TLS-ALPN being the other ways, but they are much harder to operationalize).

Even if you don't have an HTTP server, Certbot can temporarily act as one for you. All it requires is that you (even temporarily) open port 80.

For example:

```
certbot certonly --standalone -d mail.bkvi.net \
  --pre-hook "ufw allow http" --post-hook "ufw deny http"
```

(or whatever is appropriate).

5 Likes

That does the trick then. Perfect. Thanks.

4 Likes
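An added example, not from the thread: once a certificate obtained with the standalone command above is installed on the mail server, this check confirms over STARTTLS that the SMTP service presents a certificate naming the host and not close to expiry, which catches a renewal the mail daemon never reloaded. The host `mail.example.net`, port 25, the 14-day threshold and the sample certificate are assumptions made for illustration.

```python
import smtplib
import ssl
import sys
import time

def san_covers(cert, host):
    """True if a DNS subjectAltName matches host exactly or via a one-label wildcard."""
    host = host.lower().rstrip(".")
    names = {n.lower() for k, n in cert.get("subjectAltName", ()) if k == "DNS"}
    wildcard = "*." + host.split(".", 1)[1] if "." in host else None
    return host in names or wildcard in names

def days_remaining(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

def evaluate(cert, host, min_days=14, now=None):
    """Return a list of problems; an empty list means the served certificate looks healthy."""
    problems = []
    if not san_covers(cert, host):
        problems.append(f"certificate does not name {host}")
    left = days_remaining(cert, now)
    if left < min_days:  # min_days is an assumed alerting threshold
        problems.append(f"{left} days until expiry; renewal or service reload may have failed")
    return problems

def fetch_smtp_cert(host, port=25, timeout=10):
    """Upgrade an SMTP session with STARTTLS and return the verified peer certificate."""
    context = ssl.create_default_context()  # verifies the chain and the hostname
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=context)
        return smtp.sock.getpeercert()

# Constructed sample in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "mail.example.net"),),
}

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.net"  # placeholder host
    issues = evaluate(fetch_smtp_cert(host), host)
    print("\n".join(issues) or f"{host}: certificate OK")
    sys.exit(1 if issues else 0)
```

Run it from cron or a monitoring job with the mail hostname as its argument; a non-zero exit status means the served certificate needs attention.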