Add your letsencrypt certs to postfix, dovecot, ispconfig, pureftp

Discussion in 'Tips/Tricks/Mods' started by Tom Sampson, Dec 9, 2018.

  1. Tom Sampson

    Tom Sampson New Member

    Here is a little tip that may help someone, and it's probably on here already somewhere. After you set up your ISPConfig server, create your primary domain (i.e. mydomain.com), and have a working cert from letsencrypt, you can use that cert for postfix, dovecot, ispconfig, pureftp, etc. by creating symbolic links. This way, each time the cert updates automatically, you won't have to worry about doing it manually. There is one exception that I've found so far: pure-ftp requires a format that requires a cron job (at the end).

    For example:
    Code:
    # create sym links to your letsencrypt 
    cd /usr/local/ispconfig/interface/ssl/
    mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    ln -sf /etc/letsencrypt/live/mydomain.com/fullchain.pem ispserver.crt
    ln -sf /etc/letsencrypt/live/mydomain.com/privkey.pem ispserver.key
    
    # now you need to create for pureFTP
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem
    
    # create link for pureFTP
    cd /etc/ssl/private/
    ln -sf /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem
    chmod 600 pure-ftpd.pem
    
    # edit postfix main config
    nano /etc/postfix/main.cf
    
    # comment out the old and replace with these
    smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/cert.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
    smtpd_tls_CAfile = /etc/letsencrypt/live/mydomain.com/fullchain.pem
    
    nano /etc/dovecot/dovecot.conf
    
    # comment out the old and replace with these
    ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
    
    # now restart the services
    service postfix reload
    service dovecot reload
    service apache2 restart
    service pure-ftpd-mysql restart
    
    # ! don't forget to add a cron job to keep pureftp updated each time cert renews 
    # something like this...
    
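    #!/bin/sh
    # /bin/sh may be dash, which has no {key,crt} brace expansion: name both files
    umask 077   # the new .pem holds the private key; never create it world-readable
    cd /usr/local/ispconfig/interface/ssl/ || exit 1
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    cat ispserver.key ispserver.crt > ispserver.pem
    chmod 600 ispserver.pem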
    
     
  2. florian030

    florian030 ISPConfig Developer

    There is no need to change postfix/dovecot-configs. You can use symlinks like
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt /etc/postfix/smtpd.cert
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.key /etc/postfix/smtpd.key
     
    muelli75 and Tom Sampson like this.
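
An added example, not part of the original posts: a variant of the pure-ftpd cron job from the first post that rewrites ispserver.pem only when the key or certificate has changed, never leaves it half-written, and keeps it mode 600 from the moment it is created. The function name `rebuild_pem`, its return codes and the `--deploy` argument are assumptions made for this example; the paths and service name are the ones used in the thread.

```shell
#!/bin/sh
# Added example: rebuild the combined key+cert PEM that pure-ftpd reads.
# Return codes (chosen for this example):
#   0 = PEM rewritten, pure-ftpd should be restarted
#   1 = PEM already current, nothing to do
#   2 = input missing or not PEM, existing PEM left untouched
rebuild_pem() {
    key=$1
    crt=$2
    out=$3

    # Refuse to build from missing, empty or truncated inputs.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" 2>/dev/null || return 2

    # Temp file beside the target so the final mv is an atomic rename;
    # umask 077 keeps the private key unreadable to other users throughout.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 2
    cat "$key" "$crt" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Unchanged since the last run: skip the rewrite and the restart.
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 1
    fi

    chmod 600 "$tmp"
    mv -f "$tmp" "$out"
}

# Hypothetical entry point for cron or a renewal hook: script.sh --deploy
if [ "${1:-}" = "--deploy" ]; then
    d=/usr/local/ispconfig/interface/ssl
    if rebuild_pem "$d/ispserver.key" "$d/ispserver.crt" "$d/ispserver.pem"; then
        service pure-ftpd-mysql restart
    fi
fi
```

Because the symlinked ispserver.key and ispserver.crt always point at the current Let's Encrypt files, running this daily is enough: it restarts pure-ftpd only on the run after a renewal.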