letsencrypt

Uses the acme.sh utility to validate and install TLS certificates from Let's Encrypt.

. mail-toaster.sh && provision letsencrypt

Sample output

More Info

There are three vhosts where certs are installed:

Haraka (smtp)
- /data/haraka/config/tls
Dovecot (IMAP & POP3)
- /data/dovecot/etc/ssl
Haproxy (HTTP)
- /data/haproxy/ssl.d/

Haproxy and Haraka will load and use all the certificates found in their respective TLS directories. Haproxy supports live reloads of the TLS certificates. Restarting Haraka is required to add new certs.

Dovecot requires configuration for each certificate (vhost). See the Dovecot SSL docs and especially the bits about SNI

Limitations

Firewalls: if a network device is blocking port 80 requests to your server, this step will not work.

Testing TLS configuration

High Tech Bridge SSL Server Test
SSL Labs Server Test (https only)
Cipherli.st
openssl
- openssl s_client -connect mail.example.com:587 -starttls smtp -tlsextdebug -status
- openssl s_client -connect mail.example.com:993 -servername mail.another-example.com

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

letsencrypt

letsencrypt

More Info

Limitations

Testing TLS configuration

Mail Toaster 6

Clone this wiki locally