I set up SSL for the server.domain.com hostname for ISPConfig itself, created a vhost with hostname mail.domain.com, and also set SSL for that hostname for mail SSL. And in postfix I pointed to this SSL path:

Code:
# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem
myhostname = mail.domain.com

And I was able to confirm TLS here: https://ssl-tools.net/mailservers/

Problem is Thunderbird setup runs fine on first mail account setup (can send and receive mails with SSL-enabled ports 465 - 995), but if I restart Thunderbird, it asks for an SSL exception in a popup, and there it shows SSL is pointing to server.domain.com, NOT mail.domain.com. Do I really have to use server.domain.com for incoming and outgoing servers? When Thunderbird shows the popup for the security alert, there I see mail.domain.com:995, and if I remove :995 it can validate SSL fine. I set up mail on my myEmail app on a mobile device, and it works fine. Could it be related to Thunderbird?
Ok, I had to set the cert path in dovecot.conf:

ssl_cert = </etc/letsencrypt/live/mail.domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.domain.com/privkey.pem

So far it seems fine.
The way you did this is not recommended as your setup will break on the next update. Undo the changes that you made in dovecot.conf file, same with postfix main.cf that you changed in a not update safe way, and then use symlinks as shown here: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
Thank you for the warning. Is it ok if I set:

Code:
ln -s /etc/letsencrypt/live/mail.domain.com/fullchain.pem smtpd.cert
ln -s /etc/letsencrypt/live/mail.domain.com/privkey.pem smtpd.key

instead of:

Code:
ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert
ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key

Also, I am thinking of changing smtpd_tls_security_level = may to encrypt. Would it get overwritten on the next update?
Also, postfix and dovecot did not like it. The Dovecot service does not start and the mail client gives a timeout error. I want to be able to use the mail.domain.com SSL hostname for mail clients. This server is only holding one web site.
Ok, my bad. It is running fine. One more question: I want to change to smtpd_tls_security_level = encrypt. Will it also get lost with an update? How to protect it?
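Added example, not part of any post in this thread: a shell check for the mismatch discussed above, where Postfix and Dovecot are configured with different certificate files, following symlinks such as smtpd.cert. The sample tree is constructed, and `conf_value`, `same_tls_files`, `cert_covers_host` and `make_sample` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): do Postfix and Dovecot serve the same certificate?

# Last "key = value" in a config file; Dovecot's leading "<" (read from file) is stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*<\{0,1\}[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Exit 0 only if cert and key of both daemons resolve (through symlinks) to the same files.
same_tls_files() {
    local rc=0 pair p d
    for pair in smtpd_tls_cert_file:ssl_cert smtpd_tls_key_file:ssl_key; do
        p=$(conf_value "$1" "${pair%%:*}")
        d=$(conf_value "$2" "${pair##*:}")
        if [ -z "$p" ] || [ -z "$d" ]; then
            echo "MISSING ${pair%%:*} or ${pair##*:}"; rc=1; continue
        fi
        p=$(readlink -f "$p"); d=$(readlink -f "$d")
        if [ "$p" = "$d" ]; then echo "OK   ${pair##*:} -> $p"
        else echo "DIFF ${pair##*:}: postfix=$p dovecot=$d"; rc=1; fi
    done
    return $rc
}

# Does the certificate list the name mail clients connect to? (needs the openssl CLI)
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed sample tree: Postfix via symlinks, Dovecot on the same or on another cert.
make_sample() {
    local t live
    t=$(mktemp -d); live="$t/live/mail.domain.com"
    mkdir -p "$live" "$t/ispconfig" "$t/postfix"
    touch "$live/fullchain.pem" "$live/privkey.pem" "$t/ispconfig/ispserver.crt" "$t/ispconfig/ispserver.key"
    ln -s "$live/fullchain.pem" "$t/postfix/smtpd.cert"
    ln -s "$live/privkey.pem" "$t/postfix/smtpd.key"
    printf 'smtpd_tls_cert_file = %s\nsmtpd_tls_key_file = %s\n' "$t/postfix/smtpd.cert" "$t/postfix/smtpd.key" > "$t/main.cf"
    printf 'ssl_cert = <%s\nssl_key = <%s\n' "$live/fullchain.pem" "$live/privkey.pem" > "$t/dovecot-ok.conf"
    printf 'ssl_cert = <%s\nssl_key = <%s\n' "$t/ispconfig/ispserver.crt" "$t/ispconfig/ispserver.key" > "$t/dovecot-mismatch.conf"
    echo "$t"
}

# On a real server (typical paths, an assumption): same_tls_files /etc/postfix/main.cf /etc/dovecot/dovecot.conf
t=$(make_sample)
same_tls_files "$t/main.cf" "$t/dovecot-mismatch.conf" || echo "=> SMTP and POP3/IMAP present different certificates"
rm -rf "$t"
```

`cert_covers_host /etc/letsencrypt/live/mail.domain.com/fullchain.pem mail.domain.com` then confirms that the shared certificate actually covers the hostname entered in the mail client.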