Here is a little tip that may help someone, and it's probably on here already somewhere. After you set up your ISPConfig server, create your primary domain (i.e. mydomain.com), and have a working cert from letsencrypt, you can use that cert for postfix, dovecot, ispconfig, pureftp, etc. by creating symbolic links. This way, each time the cert updates automatically, you won't have to worry about doing it manually. There is one exception that I've found so far: pure-ftp requires a format that requires a cron job (at the end). For example:

Code:
# create sym links to your letsencrypt
cd /usr/local/ispconfig/interface/ssl/
mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
ln -sf /etc/letsencrypt/live/mydomain.com/fullchain.pem ispserver.crt
ln -sf /etc/letsencrypt/live/mydomain.com/privkey.pem ispserver.key

# now you need to create for pureFTP
mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
cat ispserver.{key,crt} > ispserver.pem
chmod 600 ispserver.pem

# create link for pureFTP
cd /etc/ssl/private/
ln -sf /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem
chmod 600 pure-ftpd.pem

# edit postfix main config
nano /etc/postfix/main.cf
# comment out the old and replace with these
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mydomain.com/fullchain.pem

nano /etc/dovecot/dovecot.conf
# comment out the old and replace with these
ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem

# now restart the services
service postfix reload
service dovecot reload
service apache2 restart
service pure-ftpd-mysql restart

# ! don't forget to add a cron job to keep pureftp updated each time cert renews
# something like this...
#!/bin/sh
cd /usr/local/ispconfig/interface/ssl/
mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
# list both files explicitly: {key,crt} brace expansion is not available in plain /bin/sh
cat ispserver.key ispserver.crt > ispserver.pem
chmod 600 ispserver.pem
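
A variant of the cron script above, as an added example that is not part of the original post: it rebuilds ispserver.pem only when the key or cert behind the symlinks has changed, so timestamped .bak copies of the private key do not pile up on every run, and it never leaves the combined file readable by others. The function name rebuild_pem and the --run argument are hypothetical; the paths and the service name are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# Paths come from the post; rebuild_pem and --run are hypothetical names.
SSL_DIR=${SSL_DIR:-/usr/local/ispconfig/interface/ssl}

# rebuild_pem KEY CRT OUT
# Prints "updated" or "unchanged"; returns non-zero only on error.
rebuild_pem() {
    rp_key=$1; rp_crt=$2; rp_out=$3

    # Refuse to build from a missing or empty source (e.g. a dangling symlink).
    if [ ! -s "$rp_key" ] || [ ! -s "$rp_crt" ]; then
        echo "rebuild_pem: key or cert missing/empty" >&2
        return 2
    fi

    # mktemp creates the file with mode 0600 in the target directory, so the
    # private key is never exposed while the file is being written.
    rp_tmp=$(mktemp "$rp_out.XXXXXX") || return 2
    if ! cat "$rp_key" "$rp_crt" > "$rp_tmp"; then
        rm -f "$rp_tmp"
        return 2
    fi

    if [ -f "$rp_out" ] && cmp -s "$rp_tmp" "$rp_out"; then
        rm -f "$rp_tmp"            # no renewal happened: leave everything as is
        echo unchanged
    else
        chmod 600 "$rp_tmp"
        mv -f "$rp_tmp" "$rp_out"  # rename within one directory: atomic replace
        echo updated
    fi
}

# From cron or a renewal hook, call the script with --run.
if [ "${1:-}" = "--run" ]; then
    result=$(rebuild_pem "$SSL_DIR/ispserver.key" "$SSL_DIR/ispserver.crt" \
                         "$SSL_DIR/ispserver.pem") || exit 1
    # Restart pure-ftpd only when a new certificate was actually installed.
    if [ "$result" = updated ]; then
        service pure-ftpd-mysql restart
    fi
fi
```

Because /etc/ssl/private/pure-ftpd.pem is a symlink to ispserver.pem, replacing the target file is enough; the link itself does not need to be recreated.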
There is no need to change postfix/dovecot configs. You can use symlinks like

ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt /etc/postfix/smtpd.cert
ln -s /usr/local/ispconfig/interface/ssl/ispserver.key /etc/postfix/smtpd.key
This is already possible with https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ or LE4ISPC