OpenSMTPD and Let's Encrypt


#1

I’m getting ready to deploy a new webmail server, and want to be running everything over SSL.

The HTTPS part is pretty simple, but I want to be able to use the same certs with OpenSMTPD (https://www.opensmtpd.org/faq/certificates.html) so that the mail server (which will initially be on the same host) connects via TLS.

Of the four files that form the LE cert collection (cert.pem, chain.pem, fullchain.pem, privkey.pem), which correspond to “mail.example.com.key” and “mail.example.com.crt” in the OpenSMTPD example (https://www.opensmtpd.org/faq/example1.html)?


#2

The key file (“mail.example.com.key” in the example) is privkey.pem

The certificate file (“mail.example.com.crt” in the example) is fullchain.pem


#3

Hi wizzarddue

To clear things up a bit more: you want to combine the intermediate certificates and the actual certificate into one file.

Some programs let you specify an intermediate file. OpenSMTPD requires it to be in one file.

Usually, I believe, the certificates issued do have an intermediate certificate, but it’s worthwhile checking.

KB: https://github.com/OpenSMTPD/OpenSMTPD/issues/292
Manual: https://opensmtpd.org/faq/certificates.html

Relevant section:

pki hostname certificate certfile

Associate the certificate located in certfile with hostname. A certificate chain may be created by appending one or many certificates, including a Certificate Authority certificate, to certfile. Creation of certificates is documented in starttls(8).


#4

The fullchain.pem suggested is a combination of the certificate and intermediate :wink:
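
Added example, not part of the thread or of OpenSMTPD's documentation: a shell sketch of the check suggested in #3, confirming that fullchain.pem really holds the leaf plus an intermediate and that privkey.pem belongs to it, before emitting the two pki lines from #2. The helper names and the certbot-style directory layout are assumptions.

```shell
#!/bin/sh
# Added example; helper names and the certbot-style directory are assumptions.

# Number of PEM certificate blocks in a file (prints 0 when there are none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# True when the file carries the leaf plus at least one intermediate.
has_chain() {
    [ "$(count_certs "$1")" -ge 2 ] 2>/dev/null
}

# True when the key ($2) is the private half of the first certificate in $1.
# Compares the public keys as PEM text; empty output never counts as a match.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print the two pki lines for host $1 using the files in directory $2.
# Keyword spelling follows the manual excerpt in the thread; check
# smtpd.conf(5) for your release.
pki_lines() {
    host=$1
    dir=$2
    if ! has_chain "$dir/fullchain.pem"; then
        echo "$dir/fullchain.pem: no intermediate found, not using it" >&2
        return 1
    fi
    printf 'pki %s certificate "%s"\n' "$host" "$dir/fullchain.pem"
    printf 'pki %s key "%s"\n' "$host" "$dir/privkey.pem"
}

# Usage (certbot's default layout, assumed):
#   d=/etc/letsencrypt/live/mail.example.com
#   key_matches_cert "$d/fullchain.pem" "$d/privkey.pem" && pki_lines mail.example.com "$d"
```

Pointing the certificate line at cert.pem instead would make pki_lines refuse, since that file holds only the leaf.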

