Using LetsEncrypt with SurgeMail
This page shows how to use LetsEncrypt with SurgeMail to create
SurgeMail Version 7.3j2 or later
With this version of SurgeMail, SSL certificates are created and
signed completely automatically for all domains with one setting; no
certbot or other external programs are required!
- Set g_ssl_auto "true"
- Set g_webmail_port "80,7080"
- Set g_ssl_per_domain "true" (recommended but not
- RESTART SURGEMAIL AFTER CHANGING ABOVE SETTINGS!
- Issue the command: tellmail ssl_update (this needs to be done
only once; updates are then automatic)
- (Examine response carefully)
- tellmail ssl_reload (to ensure new certificates are being
- Check/test website remotely...
- Be sure your server is accessible on port 80, and make sure
outgoing connections on port 443 work.
- Remove old g_letsencrypt setting.
- Each domain, or the url_host setting for each domain, MUST point at
your server. If it does not, change the url_host to some
DNS entry that does point at your server. This is the
server name your users will set in their email clients,
If you have a web server on port 80 (other than SurgeMail), then
you can tell SurgeMail the path it needs to use
This folder must exist and be writable by the user 'mail', e.g.
root@mail1:/usr/local/surgemail# chown mail
root@mail1:/usr/local/surgemail# chmod 0777
When g_ssl_auto is turned on, the lets/... folder is used instead
of ssl/... so that any existing certificates are not overwritten.
When g_ssl_per_domain is enabled, a subfolder for each domain is
created, with self-signed certificates (if they don't exist).
So to disable this, remove g_ssl_auto and g_ssl_per_domain
(if you didn't use it previously), and restart SurgeMail.
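The settings checklist above can be verified mechanically before running tellmail ssl_update. The script below is an added example, not SurgeMail's own tooling; it assumes the settings live in a file with one `name "value"` entry per line, and the function names (get_setting, lint_ssl_auto) are hypothetical.

```shell
#!/bin/sh
# Added example: lint SurgeMail settings against the checklist on this page.
# Assumption: settings are stored one per line as  name "value".

# Print the value of the last occurrence of setting $2 in file $1.
get_setting() {
    awk -v key="$2" '
        $1 == key { v = $0; sub(/^[^"]*"/, "", v); sub(/".*$/, "", v); val = v; hit = 1 }
        END { if (hit) print val }' "$1"
}

# Count one required-setting failure and report it.
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# Print findings for settings file $1; exit status is the number of failures.
lint_ssl_auto() {
    ini=$1
    problems=0

    [ "$(get_setting "$ini" g_ssl_auto)" = "true" ] ||
        fail 'g_ssl_auto is not "true"'

    # Port 80 must be one of the comma-separated webmail ports.
    ports=$(get_setting "$ini" g_webmail_port | tr -d ' ')
    case ",$ports," in
        *,80,*) ;;
        *) fail 'g_webmail_port does not include port 80' ;;
    esac

    [ "$(get_setting "$ini" g_ssl_per_domain)" = "true" ] ||
        echo 'NOTE: g_ssl_per_domain is not "true" (recommended)'

    # The old setting should be gone once g_ssl_auto is in use.
    if grep -q '^[[:space:]]*g_letsencrypt[[:space:]]' "$ini"; then
        fail 'old g_letsencrypt setting is still present'
    fi
    return "$problems"
}

# Constructed sample settings (not from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
g_ssl_auto "true"
g_webmail_port "7080"
g_letsencrypt "placeholder"
EOF
lint_ssl_auto "$sample" || echo "failures: $?"
rm -f "$sample"
```

A port list such as "8080,7080" is reported as missing port 80, because the check matches whole comma-separated entries rather than substrings.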
Testing your new certificate