Control Web Panel

WebPanel => SSL => Topic started by: scottl31 on February 03, 2019, 10:31:12 PM

Title: SSL for the mail server?
Post by: scottl31 on February 03, 2019, 10:31:12 PM
Hi,

Setting the SSL for the main domain was surprisingly fast and easy.

How can it be applied to the mail server?

My host in postfix is:

Current Settings in Postfix:
mydomain = example.com
myhostname = mail.example.com

Anyone know how to add the SSL to mail.example.com so that mail clients can connect securely?

Thanks!
Title: Re: SSL for the mail server?
Post by: Mihai on February 03, 2019, 11:22:58 PM
Hi,

Here is what I made to add a SSL for my mail server:

Keep in mind: The location for generated csr and key are in /etc/pki/tls/certs (for csr) and /etc/pki/tls/private (for key)

1. I bought a SSL certificate Comodo Positive SSL (it was the cheapest, any certificate would do this trick.) for the hostname (in your example: mail.domain.example).
2. Upload the generated certificates (yourdomainname.crt and yourdomainname.ca-bundle) on /etc/pki/tls/.
3. Combine the uploaded files into one:
Code: [Select]
cat /etc/pki/tls/yourdomainname.crt /etc/pki/tls/yourdomainname.ca-bundle >> /etc/pki/tls/certificate.crt4. Open /etc/postfix/main.cf and edit the lines:
Code: [Select]
smtpd_tls_cert_file=/etc/pki/tls/certificate.crt
smtpd_tls_key_file=/etc/pki/tls/private/yourdomainname.key
5. Delete from /etc/postfix/main.cf the lines with CAcert file, I had 2 of them in the file.
6. Open /etc/dovecot/dovecot.conf and edit the lines:
Code: [Select]
ssl_cert = </etc/pki/tls/certificate.crt
ssl_key = </etc/pki/tls/private/yourdomainname.key
7. Save and close the files, restart mail services, and your mail server SSL is working 100%.

Just be sure to enter the right path for your files! Verify your paths first.
Title: Re: SSL for the mail server?
Post by: scottl31 on February 04, 2019, 04:05:33 AM
Is this not possible with the free Let's Encrypt one available through the Web Panel?
Title: Re: SSL for the mail server?
Post by: glorency on February 04, 2019, 04:14:29 PM
Here it is : goo.gl/Ys764T , This is google short link url .

direct link: http://forum.centos-webpanel.com/ssl/install-let'sencrypt-for-admin-panel-user-panel-again-100-working/

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"  option was exist under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt .

At Present CWP Team has been removed "Letsencrypt Manager"  that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL.

Previous Article Link : http://forum.centos-webpanel.com/ssl/install-letsencrypt-ssl-certificate-for-your-server-hostnamefqdn-100-working/
Title: Re: SSL for the mail server?
Post by: scottl31 on February 06, 2019, 01:08:54 AM
Ok, even though you don't like it, can auto ssl be put on the mail server?
Title: Re: SSL for the mail server?
Post by: Carl on May 25, 2019, 02:36:46 PM
I agree with Scott and I would like to know how to secure the webmail using Let's Encrypt, AutoSSL or whatever free options are available.

Not automatically securing every web-based service seems like an oversight.

Title: Re: SSL for the mail server?
Post by: Igor S. on June 01, 2019, 10:03:03 AM
You can install LE SSL via CWP => Server Settings => Change Hostname and use the https://hostname:2095/ for the access