Quantcast
Channel: Sentora Support Forums - All Forums
Viewing all articles
Browse latest Browse all 4648

Lets Encrypt TLS set up

$
0
0
Happy Weekend to ALL.
let me start by saying thanks to all the hard work you guys/girls put into Sentora.
I've spent the last 2 days wading through endless posts & threads
all asking the same question with different answers.
Could not fing a strainght forward guide...
I also done hundreds of searches on the forum for the simple answer..


this is what i've done so far is:

1. used this thread http://forums.sentora.org/showthread.php?tid=2535
(Secure Sentora Domains with Let's Encrypt)
to get cert for
mail.123hosting.tk

2. used this thread http://forums.sentora.org/showthread.php?tid=46
(Ubuntu: How to setup TLS on postfix and dovecot)
started at no3


Code:
nano /etc/postfix/main.cf

4: find # tls config and added

smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/letsencrypt/live/mail.123hosting.tk/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.123hosting.tk/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.123hosting.tk/fullchain.pem

and removed  what was there before Smile
------------------------------------------------

5: edit master.cf (did what the guide said)

------------------------------------------------

6: configure Dovecot

Code:
Code:
nano /etc/dovecot/dovecot.conf

and changed
Code:
ssl = no to ssl = yes
  and added this below it:

ssl_key = </etc/letsencrypt/live/mail.123hosting.tk/privkey.pem
ssl_cert = </etc/letsencrypt/live/mail.123hosting.tk/cert.pem
ssl_ca = </etc/letsencrypt/live/mail.123hosting.tk/fullchain.pem

Code:
Code:
service postfix restart
service dovecot restart



CHECKED at
http://www.checktls.com/perl/TestReceiver.pl

EVERYTHING Green OK apart from CERT failed

this is error in report :

[Image: TLS-supportat123hosting.tk-Error.png]

Hopefully one of the more experience members of this forum / sentora project can help this newbie...
beleive me I do appreciate all the help and guidance i've receieved so far and once i can get my sentora into production not on a grand scale.. I will more than happily donate some to the cause

?Thanks Smile

P.S this is the developement domain i'm using until it works stable. then i will be go-daddy domain on production set up Smile

Viewing all articles
Browse latest Browse all 4648

Trending Articles