Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: 2e0epv.com
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version): Ubuntu 20.04.1 LTS
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I donât know): Yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if youâre using Certbot): certbot 0.40.0
Iâm trying to figure out how to install letsencrypt on my digital ocean virtual machine but Iâm not sure how to use the API Method.
Hi @KyleBrown
checking your domain there is no ip address defined - https://check-your-website.server-daten.de/?q=2e0epv.com
Host
Type
IP-Address
is auth.
â Queries
â Timeout
2e0epv.com
A
yes
1
0
AAAA
yes
www.2e0epv.com
Name Error
yes
1
0
*.2e0epv.com
A
Name Error
yes
AAAA
Name Error
yes
CNAME
Name Error
yes
Add an A-entry with your ip address, then create a working port 80 vHost, then start with certbot
.
Digital Ocean API Method?
What's that?
Sorry JurgenAuer, this is for postfix and webmail.
That's not relevant where you want to use the certificate (or: It's only the installation question, not the validation question).
The first question: http or dns validation.
Read
When you get a certificate from Letâs Encrypt, our servers validate that you control the domain names in that certificate using âchallenges,â as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
Your mail subdomain has an ip address, a Roundcube login and a nginx - https://check-your-website.server-daten.de/?q=mail.2e0epv.com
So start with
certbot --nginx -d mail.2e0epv.com
PS: What's that?
Issuer
not before
not after
Domain names
LE-Duplicate
next LE
Let's Encrypt Authority X3
2020-09-05
2020-12-04
mail.2e0epv.com - 1 entries
Let's Encrypt Authority X3
2020-09-05
2020-12-04
mail.2e0epv.com - 1 entries
Let's Encrypt Authority X3
2020-09-05
2020-12-04
mail.2e0epv.com - 1 entries
Let's Encrypt Authority X3
2020-09-05
2020-12-04
mail.2e0epv.com - 1 entries
Let's Encrypt Authority X3
2020-09-04
2020-12-03
mail.2e0epv.com - 1 entries
You have already created a lot of certificates. Why do you want to create the next?
Use one of these 60 - 85 days, then create the next.
_az
September 19, 2020, 10:24am
5
If youâre following along with https://certbot.eff.org/lets-encrypt/ubuntufocal-other , you can click onto the âWildcard tabâ which will explain how to install Certbot + the Digital Ocean DNS plugin.
The documentation for actually using the Digital Ocean API with Certbot can be found here: https://certbot-dns-digitalocean.readthedocs.io/en/stable/ . It includes actual example commands for acquiring the certificates.
As @JuergenAuer mentions, you might just be able to use certbot --nginx
instead. It would be simpler, and then you can use that same certificate for your Postfix server.
1 Like
root@Mail-Server:~# certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed
root@Mail-Server:~#
_az
September 19, 2020, 10:38am
7
How did you install Certbot? If it was from apt
, then I think you need to add:
apt install python3-certbot-nginx
Running the certbot --nginx command I get this output.
_az
September 19, 2020, 11:12am
9
I would choose (1), since you want to use that certificate for Roundcube/webmail. This should automatically secure the webmail for you.
Then, you will also need to manually configure Postfix to use the certificate.
You can use https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1d&guideline=5.4 to guide you.
The certificate path is /etc/letsencrypt/live/mail.2e0epv.com/fullchain.pem
and the private key path is /etc/letsencrypt/live/mail.2e0epv.com/privkey.pem
.
Does the end of the path need a ; on the end?
Horray! It finally works! Thanks to everyone on the letsencrypt forums for your help, it wouldnât have been possible without you! <3
3 Likes
system
Closed
October 19, 2020, 11:40am
14
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.