You would add the following to your certbot command, which would then be saved to your configuration and simplify your life:
--post-hook "service postfix reload; service dovecot reload;"
OK, so only add this --post-hook "service postfix reload; service dovecot reload;"
to crontab -e
You might want to read my previous post more carefully, brother.
Oh wait, do this when I first set up certbot, is that what you mean?
When you're running this:
certbot certonly --cert-name mailcert --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini --dns-digitalocean-propagation-seconds 60 --post-hook "service postfix reload; service dovecot reload;" -d mail.domain1.com,mail.domain2.com,etc
Once you run it and successfully get a certificate, the options you specified will be written to your certbot configuration file. That's why you don't need to specify the options when you use renew.
OK great, I get what you mean now, my bad. First step is to install certbot, then create the DigitalOcean file; once done, set permissions, then run what you just put.
Exactly. Replacing the -d domains bit with your own stuff, of course. Don't create the cron until you've successfully gotten a certificate though.
Awesome, cheers mate, I have work to do tonight.
Looking forward to your success.
Hi
There is no such location as ~/.secrets/certbot/digitalocean.ini
When trying to create the file it says Directory root/ .secrets/certbot does not exist. Any ideas?
Fixed the problem by
mkdir ~/.secrets/
mkdir ~/.secrets/certbot
sudo nano ~/.secrets/certbot/digitalocean.ini
Thanks.
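The directory and credentials-file steps from the posts above, written out as an added example (not part of the original thread) that also sets the owner-only permissions mentioned earlier. The function names and the token value are hypothetical placeholders; `dns_digitalocean_token` is the key the certbot DigitalOcean DNS plugin reads from this file.

```shell
#!/bin/sh
# Added example: create the certbot DigitalOcean credentials file so that
# only its owner can read the API token. Function names are hypothetical.

# create_cred_file DIR TOKEN  -> writes DIR/digitalocean.ini
create_cred_file() {
    dir=$1
    token=$2
    (
        umask 077                   # anything created here gets no group/other bits
        mkdir -p "$dir" || exit 1   # -p creates ~/.secrets and ~/.secrets/certbot together
        printf 'dns_digitalocean_token = %s\n' "$token" > "$dir/digitalocean.ini"
    ) || return 1
    # umask does not tighten a directory or file that already existed,
    # so set the modes explicitly as well.
    chmod 700 "$dir" && chmod 600 "$dir/digitalocean.ini"
}

# cred_file_is_private FILE -> exit 0 only if FILE is a regular file,
# not a symlink, and has no group or other permission bits set.
cred_file_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1   # GNU stat, e.g. "600"
    case $mode in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage (placeholder token, replace with your own):
#   create_cred_file "$HOME/.secrets/certbot" "PLACEHOLDER_TOKEN"
#   cred_file_is_private "$HOME/.secrets/certbot/digitalocean.ini" || echo "fix permissions"
```

Running the check before each certbot run catches a credentials file that was later copied or edited into a group- or world-readable state.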
I do hope your solution works.
But if not, I would have solved it this way:
If I understand your setup...
Your router/firewall splits:
So when the mail server needs to authenticate via HTTP, that request goes to the web server.
Have the web server proxy http://mail.your.dom/.well-known/acme-challenge/ to the internal IP of the mail server.
I visited the link you posted, but aside from Fortinet indicating phishing, I don't see anything else there. I am using an Android smartphone, so maybe our contents differ? Did I miss something?
I got no content - only the "do not enter" sign.
Is your firewall on the lookout for extraterrestrials?
I wonder what phishing triggered the block? Maybe a cookie of some kind?
My website is behind HAProxy and IDS. You will get a 503 error if you try accessing anything other than my 2 websites. Mail is not online yet as I am testing before I mess with my mail server. Ports are only open for 25, 993 and 587. Webmail is offline.
Can't replicate the same problem you're having when accessing my website. No one else has mentioned this issue, so most likely something to do with your end.
You would have to be using a Fortinet firewall to see their block.
It would be difficult for anyone who is blocked from reaching your site to be able to communicate to you (through your site). So, I'm not sure if the logic of "no one is complaining" holds up here.
Yes, I've already established that with:
So, again yes, one of my firewalls (Fortinet) is blocking my access to your site - due to "Phishing".
Well, I've just finished and have everything up and running. Certs for all domains on webmail and certs for all domains for Postfix, up and running, which is great.
No idea. Doesn't happen to anyone else.
How would you know?
Did you know it is happening to me?