Hello, I tried to input a new SSL cert. The problem is that after the update I can receive emails, but sending:
- via PC (e.g. Thunderbird) asks to confirm an exception (when I press download cert, it is not possible),
- via iOS is not possible via port 587 with STARTTLS.
Errors in log:
Code:
TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46
Code:
hosting postfix/smtpd[21163]: timeout after STARTTLS from host
What did I do wrong? Before, it worked with the old certs.
Apple has removed startssl from the list of valid SSL authorities, so you can not use startssl certs on Apple devices anymore. Other web browsers removed it as well as far as I know, so using startssl is not an option anymore. Better use letsencrypt if you want to use a free SSL cert.
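How to read the two log lines from the first post, as an added example that is not part of the thread: OpenSSL reports an alert in `SSL3_READ_BYTES` when the alert was received from the peer, so alert 46 here means the mail client rejected the certificate the server presented. The function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TLS alert lines from a Dovecot/Postfix mail log.

# Sample input. Lines 1-2 are the log lines quoted in the thread;
# lines 3-4 are constructed for illustration.
sample_log() {
cat <<'EOF'
TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46
hosting postfix/smtpd[21163]: timeout after STARTTLS from host
hosting postfix/smtpd[21170]: connect from host
TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
EOF
}

# Reads log lines on stdin, prints one summary line per TLS finding.
tls_alert_triage() {
  awk '
    BEGIN {
      # Certificate-related alert codes from the TLS specification.
      name[42] = "bad_certificate";     name[43] = "unsupported_certificate"
      name[44] = "certificate_revoked"; name[45] = "certificate_expired"
      name[46] = "certificate_unknown"; name[48] = "unknown_ca"
    }
    match($0, /SSL alert number [0-9]+/) {
      # "SSL alert number " is 17 characters; the digits follow it.
      n = substr($0, RSTART + 17, RLENGTH - 17) + 0
      # An alert surfacing in the read path was received from the peer,
      # i.e. the mail client sent it to this server (newer OpenSSL
      # prints the function name in lower case).
      origin = ($0 ~ /SSL3_READ_BYTES|ssl3_read_bytes/) ? "peer" : "unclear"
      if ((n in name) && origin == "peer")
        verdict = "client-rejected-server-certificate"
      else
        verdict = "needs-manual-review"
      printf "alert=%d name=%s origin=%s verdict=%s\n", n, ((n in name) ? name[n] : "other"), origin, verdict
      next
    }
    /timeout after STARTTLS/ { print "starttls-timeout verdict=handshake-not-completed" }
  '
}

# Number of handshakes the client aborted because of the server certificate.
count_cert_rejections() {
  tls_alert_triage | grep -c "verdict=client-rejected-server-certificate"
}

sample_log | tls_alert_triage
```

On a real server, feed the mail log to `tls_alert_triage` on stdin instead of `sample_log`.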
It's clear to start with letsencrypt. But the problem is that with letsencrypt everything works with added domains
Code:
certbot auth --text --agree-tos --standalone --email postmaster@`hostname -d` -d `hostname -f` -d mail.`hostname -f`
but it doesn't work when adding the SSL cert to postfix from ispconfig. Sample:
- ispconfig is located on hosting.xxxxx.eu
- when I add a new website, e.g. www.sampledomain.eu, and add certbot <- SSL is integrated OK, https://www.sampledomain.eu works,
- postfix for https://www.sampledomain.eu (e.g. Thunderbird) gives an error, even if I add the next subdomains into certbot,
- www for ispconfig is without an SSL cert.
Do you have a tutorial or samples on how to do this correctly?
OK, problem solved, on Ubuntu 16.10
Code:
cd /tmp/
# Request a certificate for the server hostname via the ISPConfig ACME webroot
letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@`hostname -d` --domains `hostname -f` --webroot-path /usr/local/ispconfig/interface/acme
dt=`date '+%Y%m%d%H%M%S'`
cd /usr/local/ispconfig/interface/ssl/
# Keep timestamped backups of the old ISPConfig certificate files
for ext in csr key.secure key crt; do if [ -f ispserver.$ext ]; then mv ispserver.$ext ispserver.$ext.old.$dt; fi; done
# Point ISPConfig at the Let's Encrypt key and full chain
ln -s /etc/letsencrypt/live/`hostname -f`/privkey.pem ispserver.key
ln -s /etc/letsencrypt/live/`hostname -f`/fullchain.pem ispserver.crt
service apache2 restart
Does letsencrypt work the same way as startssl? Can I follow the same tutorial: https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl
Letsencrypt with ISPConfig: https://www.howtoforge.com/community/threads/securing-your-server-with-lets-encrypt.75554/