One of my email addresses isn’t encrypted (thanks to Gmail for telling me). I’m going to use letsencrypt to add encryption for http://trusktr.io. I feel like there might be a catch-22 in that trusktr.io doesn’t have encryption at all (the cert expired and I’m switching to letsencrypt), yet I’d like to use firstname.lastname@example.org for registration. I have some questions:
- Would I use letsencrypt certs with my mail ports as well as :443? Or would I manage mail encryption separately from what letsencrypt provides?
- If in the previous question we can use the same certs on email ports as with :443, can I register with my non-encrypted address then apply the certs to the mail ports, before receiving any sensitive emails from the letsencrypt registration process?
I know I can just use my gmail address which is encrypted, but I’m curious.
Yes, to both of them. The only important emails sent out are the expiration notices which start at 19 days remaining. One thing to remember though is that if your MX is on a different subdomain to the webserver that needs to be in the SAN list.
Thanks @cool110. The email for all my domains is on the same server (a server on linode.com). Each domain in the linode.com DNS manager points mail.domain (mail.trusktr.io, f.e.) to the same IP address for the single “machine” that I run. When I make my certs, would I need to include
-d mail.trusktr.io -d mail.other.domain # etc, even though the services using those mail domains don’t use :443?
Yes, but you will also need a webserver responding on those domains (even if it’s just a redirect to the main one).
@cool110 There is, the mail server runs on the IP that they all point to. Thanks! Now I just gotta figure out how to apply the cert to the mail server.
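As an added example (not code from any poster in this thread), a check for the two points raised above: whether the certificate a mail server actually presents on its submission port lists the mail.* hostname in its SAN list, and how many days it has left relative to the 19-day reminder window. The hostnames and dates in the sample certificate are constructed, not real.

```python
import smtplib
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# It covers the web host only, not the mail subdomain (the mistake cool110 warns about).
SAMPLE_CERT = {
    "subject": ((("commonName", "trusktr.io"),),),
    "subjectAltName": (("DNS", "trusktr.io"), ("DNS", "www.trusktr.io")),
    "notAfter": "Jun 30 12:00:00 2030 GMT",
}
# Constructed "current time" so the day count below is reproducible offline.
SAMPLE_NOW = datetime(2030, 6, 11, 12, 0, tzinfo=timezone.utc)


def san_hostnames(cert):
    """DNS names from the certificate's subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def covers_host(cert, hostname):
    """True if hostname matches a SAN entry exactly or via a single-label wildcard."""
    names = san_hostnames(cert)
    labels = hostname.split(".")
    wildcard = "*." + ".".join(labels[1:]) if len(labels) > 1 else None
    return hostname in names or wildcard in names


def days_remaining(cert, now=None):
    """Whole days until notAfter; Let's Encrypt's expiry reminders start at 19 days."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days


def check_mail_cert(hostname, port=587, timeout=10):
    """Connect with STARTTLS and return (san_covers_host, days_left) for the live cert.

    The chain is still verified against the system CA store, but hostname checking
    is turned off so a cert that is valid yet missing the mail.* SAN entry can be
    inspected instead of failing the handshake outright.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with smtplib.SMTP(hostname, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
    return covers_host(cert, hostname), days_remaining(cert)
```

Run `check_mail_cert("mail.example.org")` against your own submission port after installing the cert; a `False` first element means the SAN list still lacks the mail hostname.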