Control Web Panel
WebPanel => SSL => Topic started by: scottl31 on February 03, 2019, 10:31:12 PM
-
Hi,
Setting the SSL for the main domain was surprisingly fast and easy.
How can it be applied to the mail server?
My host in postfix is:
Current Settings in Postfix:
mydomain = example.com
myhostname = mail.example.com
Anyone know how to add the SSL to mail.example.com so that mail clients can connect securely?
Thanks!
-
Hi,
Here is what I made to add a SSL for my mail server:
Keep in mind: The location for generated csr and key are in /etc/pki/tls/certs (for csr) and /etc/pki/tls/private (for key)
1. I bought a SSL certificate Comodo Positive SSL (it was the cheapest, any certificate would do this trick.) for the hostname (in your example: mail.domain.example).
2. Upload the generated certificates (yourdomainname.crt and yourdomainname.ca-bundle) on /etc/pki/tls/.
3. Combine the uploaded files into one:
cat /etc/pki/tls/yourdomainname.crt /etc/pki/tls/yourdomainname.ca-bundle >> /etc/pki/tls/certificate.crt
4. Open /etc/postfix/main.cf and edit the lines:
smtpd_tls_cert_file=/etc/pki/tls/certificate.crt
smtpd_tls_key_file=/etc/pki/tls/private/yourdomainname.key
5. Delete from /etc/postfix/main.cf the lines with CAcert file, I had 2 of them in the file.
6. Open /etc/dovecot/dovecot.conf and edit the lines:
ssl_cert = </etc/pki/tls/certificate.crt
ssl_key = </etc/pki/tls/private/yourdomainname.key
7. Save and close the files, restart mail services, and your mail server SSL is working 100%.
Just be sure to enter the right path for your files! Verify your paths first.
-
Is this not possible with the free Let's Encrypt one available through the Web Panel?
-
Here it is : goo.gl/Ys764T , This is google short link url .
direct link: http://forum.centos-webpanel.com/ssl/install-let'sencrypt-for-admin-panel-user-panel-again-100-working/
I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager" option was exist under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt .
At Present CWP Team has been removed "Letsencrypt Manager" that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL.
Previous Article Link : http://forum.centos-webpanel.com/ssl/install-letsencrypt-ssl-certificate-for-your-server-hostnamefqdn-100-working/
-
Ok, even though you don't like it, can auto ssl be put on the mail server?
-
I agree with Scott and I would like to know how to secure the webmail using Let's Encrypt, AutoSSL or whatever free options are available.
Not automatically securing every web-based service seems like an oversight.
-
You can install LE SSL via CWP => Server Settings => Change Hostname and use the https://hostname:2095/ for the access