| Search website: | |
|
Advanced Server Software
|
This page is out of date, please use our new website https://surgemail.com
Using LetsEncrypt with SurgeMail
This pages shows how to use letsencrypt with SurgeMail to create
SSL certificates.
SurgeMail Version 7.3j2 or later
With this version of surgemail ssl certificates are created and signed completely automatically for all domains, with one setting, no certbot or other external programs are required!- set g_ssl_auto "true"
- Set g_webmail_port "80,7080"
- Set g_ssl_per_domain "true" (recommended but not required!)
- RESTART SURGEMAIL AFTER CHANGING ABOVE SETTINGS!
- Issue the command: tellmail ssl_update (this need only be done once, the process of updates is then automatic)
- (Examine response carefully)
- tellmail ssl_reload (to ensure new certificates are being used)
- Check/test website remotely...
Requirements:
- Be sure your server is accessable on port 80 and make sure
outgoing connections on port 443 work
- Remove old g_letsencrypt setting.
- Each domain or url_host setting for each domain MUST point at
your server, if not, then the url_host should be changed to some
DNS entry that does point at your server. This is the
server name your users will set in their email clients,
typically mail.domain.name
Other situations...
If you have a web server on port 80, (other than surgemail), then
you can tell surgemail the path it needs to use
g_ssl_lets_path "/home/httpd/html/.well-known"
This folder must exist and be writable by the user 'mail', e.g.
mkdir /home/httpd/html/.well-known/acme-challenge
root@mail1:/usr/local/surgemail# chown mail /home/httpd/html/.well-known/acme-challenge
root@mail1:/usr/local/surgemail# chmod 0777 /home/httpd/html/.well-known/acme-challenge
When g_ssl_auto is turned on, the lets/... folder is used instead
of ssl/... so that any existing certificates are not over-written.
When g_ssl_per_domain is enabled, a sub folder for each domain is
created, with self signed certificates (if they don't exist).
So to disable you need to remove g_ssl_auto, and g_ssl_per_domain
(if you didn't use it previously), and restart surgemail.
