Comments on Securing your ISPConfig 3 managed mailserver with a valid Let's Encrypt SSL certificate

If you're running your own mailserver, it's best practice to connect to it securely with a SSL/TLS connection. You'll need a valid certificate for these secure connections. In this tutorial, we'll set up a Let's Encrypt certificate for our mailserver that renews automatically.

9 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: bikkser at: 2020-12-06 10:57:23
Reply  

I got some issues with the certificates for the domain aliases (smtp.domain.com & imap.domain.com). Both have server.domain.com as certificate name. I did configure those two aliases in ISPconfig as domain alias of mail.domain.com

By: Marco at: 2022-04-07 13:22:09
Reply  

In alternative at this tutorial it's possibile use smtp.nameserver.ip.ue and imap.nameserver.ip.ue in the configuration outlook or thunderbird?

Example imap.ns3080007.ip-100-209-2.eu ?

If so, what are the right parameters and ports to enter?

By: Olivier78 at: 2022-08-26 08:27:30
Reply  

I have a question regarding this tutorial: "but modified so you have a separate certificate for your mail server and control panel"

Does it mean you got 2 distincts SSL certificates :

- one SSL certificate for ispconfig's panel (which is created during automatic installation with the server's hostname) and other services (FTP)

- a second SSL certificate for Postfix/Dovecot only

 

I would like to setup a new ISPConfig 3.2 mail server but with several hostnames in the SSL certificates (imap.domain1.com, smtp.domain1.com, imap.domain2.com, smtp.domain2.com).

My current mail server is using ISPConfig 3.1 (certbot) where i followed instructions from https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ to use a common SSL certificates for all services & panel.

By: bmeirelles at: 2023-08-24 18:37:16
Reply  

Does this also work for webmail?

By: till at: 2023-08-25 06:42:28
Reply  

This is not directly related to webmail as webmail connects to localhost, so it does not matter for the webmail client how you have set up SSL on the server for the email system. A webmail client like RoundCube is just a website, so it's up to you to which website you add it or how you make it accessible to users. By default, webmail is accessible through the apps vhost on port 8081, and this vhost uses the same SSL cert used by the ISPConfig UI.

By: IvoR. at: 2023-11-20 07:19:49
Reply  

We have two dedicated mail server, managed by Ispconfig, the 2nd is a mirror from the 1st server. How we have to proceed for the 2nd one, becuase this one is not listet in the Sites/Website/Add new site/Server: dropdown list.

By: Mike Conom at: 2024-06-14 15:40:08
Reply  

I followed the instructions and when I ran https://www.sslshopper.com/ssl-checker.html in the results I only sawSAN: mail.example.com and not the others as imap.example.com and smtp.example.com

By: till at: 2024-06-14 15:49:06
Reply  

It might be that this SSL tester does not show you all domains, and it likely did not test the mail system but the system default vhost only. Create a mailbox and mail domain in ISPConfig, then add this mailbox in your mail client, if you do not get an SSL error, then the setup is fine. You can also try to enter https://imap.example.com in your browser, do you get a SSL error then?

If you need further help, then please post in the ISPconfig forum: https://forum.howtoforge.com/#ispconfig-3.23

By: Vagner at: 2025-02-15 18:20:17
Reply  

My dear friends, since I don't have much experience, I ended up installing Certbot in one version and then, during the updates, I also installed acme.sh.

Now I have both running and have been experiencing some SSL problems, especially in emails.

But the server is configured as in this post https://www.howtoforge.com/securing-your-ispconfig-3-managed-mailserver-with-a-valid-lets-encrypt-certificate/

I would like you to help me remove Certbot correctly, without causing too much damage?

Thank you.