I came across this thread and wanted to share my solution to use a letsencrypt certificate also for
- postfix MTA / SMTP server and
- Cyrus IMAPd - IMAP server
This is working fine with different IMAP e-mail clients like Thunderbird, K-9 Mail, Outlook, Apple Mail etc. on port 993 / 465.
Webserver and mailserver for the domain are running on the same machine, which makes things easier. Postfix and Cyrus are therefore using the same certificate. I’ve set up a cronjob to renew the certificate regularly and make sure that Postfix and Cyrus can access the certificate (by adding read rights for group mail).
Cronjob (to be executed once a month as recommended):
OPTIONS="certonly --renew-by-default --email firstname.lastname@example.org --agree-tos --text"
# Web & Mailserver
/etc/letsencrypt/letsencrypt-auto $OPTIONS --webroot -w /var/www/www.domain.xx/htdocs -d mail.domain.xx -d webmail.domain.xx
chgrp mail /etc/letsencrypt/archive /etc/letsencrypt/live
chmod g+rx /etc/letsencrypt/archive /etc/letsencrypt/live
# eventually restart web & mail servers to make sure the new certificates are used
The relevant cyrus config /etc/imapd.conf part looks like this:
Postfix config /etc/postfix/main.cfg:
It’s working fine, but I’m not sure about the CA-File part, maybe someone can comment about that?
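The access model the post sets up (archive/ and live/ handed to group mail with chgrp and chmod g+rx) can be checked after each renewal. The following is an added example, not part of the original post: the function name, the finding labels and the three arguments are assumptions, and it relies on GNU stat and readlink.

```shell
#!/bin/sh
# Added example, not from the original post. Requires GNU stat and readlink.
# audit_le_perms BASE GROUP DOMAIN
#   BASE   e.g. /etc/letsencrypt, GROUP e.g. mail, DOMAIN = first -d name
# Prints one finding per line; exit status 0 means no findings.
audit_le_perms() {
    base=$1; group=$2; domain=$3; rc=0

    # The cron job opens these two directories to the group and nobody else.
    for dir in "$base/archive" "$base/live"; do
        [ -d "$dir" ] || { echo "MISSING $dir"; rc=1; continue; }
        mode=$(stat -c '%a' "$dir")
        g=$(( (mode / 10) % 10 )); o=$(( mode % 10 ))
        [ "$(stat -c '%G' "$dir")" = "$group" ] ||
            { echo "GROUP $dir is not owned by group $group"; rc=1; }
        [ $(( g & 5 )) -eq 5 ] ||
            { echo "NOACCESS $dir lacks g+rx"; rc=1; }
        [ "$o" -eq 0 ] ||
            { echo "EXPOSED $dir is accessible to others"; rc=1; }
    done

    # live/DOMAIN/privkey.pem is a symlink into archive/; inspect the target.
    key=$(readlink -f "$base/live/$domain/privkey.pem" 2>/dev/null) || key=""
    [ -f "$key" ] || { echo "MISSING private key for $domain"; return 1; }
    mode=$(stat -c '%a' "$key")
    g=$(( (mode / 10) % 10 )); o=$(( mode % 10 ))

    # chmod on the directories alone is not enough if the key file itself
    # grants the group nothing: it must be readable through its own group
    # bit, or through the "other" bit behind the closed directories.
    readable=no
    [ "$(stat -c '%G' "$key")" = "$group" ] && [ $(( g & 4 )) -ne 0 ] && readable=yes
    [ $(( o & 4 )) -ne 0 ] && readable=yes
    [ "$readable" = yes ] ||
        { echo "UNREADABLE $key cannot be read by group $group"; rc=1; }

    return $rc
}
```

Called as `audit_le_perms /etc/letsencrypt mail mail.domain.xx` after the chgrp/chmod lines, a non-zero status can stop the job before the mail servers are restarted.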