Proxy server_Applying ssl certificates_mail server - SomethingWithHorizons/mailserver GitHub Wiki

Procedure

  1. Edit /etc/dovecot/conf.d/10-ssl.conf to swap the self-signed certificates with those provided by Let's Encrypt:

    # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
    # dropping root privileges, so keep the key file unreadable by anyone but
    # root. Included doc/mkcert.sh can be used to easily generate self-signed
    # certificate, just make sure to update the domains in dovecot-openssl.cnf
    #ssl_cert = </etc/dovecot/dovecot.pem
    #ssl_key = </etc/dovecot/private/dovecot.pem
    - ssl_cert = </etc/ssl/certs/mailserver.pem
    - ssl_key = </etc/ssl/private/mailserver.pem
    + ssl_cert = </etc/letsencrypt/live/example.org/fullchain.pem
    + ssl_key = </etc/letsencrypt/live/example.org/privkey.pem
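
    Review bot: the comment kept above the changed lines requires the key file to be unreadable by anyone but root, and after this change that requirement applies to /etc/letsencrypt/live/example.org/privkey.pem, so the step should tell the reader to check that file's permissions. The same comment still points to doc/mkcert.sh and self-signed certificates, which no longer describes the configured files and could be trimmed or updated.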
    

    :warning: Replace example.org with your domain.

  2. Enable SSL for Postfix (the equivalent of the Dovecot change described above):

    postconf -e "smtpd_tls_cert_file=/etc/letsencrypt/live/example.org/fullchain.pem"
    postconf -e "smtpd_tls_key_file=/etc/letsencrypt/live/example.org/privkey.pem"
    

    -e edits Postfix's main.cf; the double quotes around each setting ensure that the configuration change is not accidentally interpreted by the shell.

    :warning: Replace example.org with your domain.

  3. Reload the configuration files into Postfix and Dovecot to apply the changes:

    service postfix reload
    service dovecot reload
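
A pre-flight check to run before the reload in step 3, as an added example that is not part of the original wiki: it confirms that privkey.pem belongs to fullchain.pem, that the key has no group or other permission bits (the requirement in the Dovecot comment from step 1), and that the certificate is not about to expire. The function names and the 7-day threshold are assumptions of this example; example.org is the page's placeholder domain.

```shell
#!/bin/sh
# Added example: checks for the certificate files referenced in steps 1 and 2.
# Assumes the layout used on the page: <live_dir>/fullchain.pem and privkey.pem.

# Returns 0 when the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when the key file has no group/other permission bits.
# -L follows symlinks, so the mode of the real file is examined.
key_is_private() {
    mode=$(ls -lLd "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Returns 0 when the certificate is still valid $2 seconds from now
# (default 604800 seconds, i.e. 7 days).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-604800}" >/dev/null 2>&1
}

# Runs all checks for one directory, prints each failure and
# returns the number of failed checks (0 means safe to reload).
precheck() {
    dir=$1
    failures=0
    cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not match fullchain.pem"; failures=$((failures + 1)); }
    key_is_private "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem is accessible to group or others"; failures=$((failures + 1)); }
    cert_not_expiring "$dir/fullchain.pem" ||
        { echo "FAIL: certificate expired or expires within 7 days"; failures=$((failures + 1)); }
    return "$failures"
}

# Typical use on the mail server, replacing example.org with your domain:
#   precheck /etc/letsencrypt/live/example.org \
#       && service postfix reload && service dovecot reload
```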