
Add support for Let's Encrypt cert

Open RaananHadar opened this issue 3 years ago • 8 comments

Just wanted to say that this is an extremely cool project!

I fully understand that this is a beta and this can take a while. I really hope for being able to get a Let's Encrypt cert instead of a manual cert when possible.

RaananHadar avatar Feb 04 '22 18:02 RaananHadar

My temporary workaround is having a cronjob run 30 minutes after the certbot one and copying the certs to the iredmail/data/ssl folder on the host, giving them the right names.

cert.pem -> cert.pem
fullchain.pem -> combined.pem
privkey.pem -> key.pem

Then I restart the entire container since I found just restarting the services postfix, dovecot, nginx, mysql leaves them broken sometimes.

P.S.: having it be able to identify the letsencrypt/certbot names would be very cool though

BigBrainAFK avatar Apr 03 '22 10:04 BigBrainAFK

Hi, I have a similar problem,

When replacing said files, the server nginx doesn't start anymore, it just keeps crashing. I suspect this is because of the dhparam files.

rilendorf avatar Apr 14 '22 13:04 rilendorf

@DerZombiiie For me it works as expected but you have to absolutely make sure to copy the file and not use symlinks and obviously rename them accordingly.

BigBrainAFK avatar Apr 14 '22 13:04 BigBrainAFK

Oh, that's the problem, I used symlinks. Thanks a lot!

rilendorf avatar Apr 15 '22 22:04 rilendorf

I have my keys as .crt (R3, ISRG Root X1 and DST Root CA X3 certificates inside) and .key (EC private key inside). How should I convert it to key.pem, cert.pem and combined.pem and restart all services automatically when the certificates change?

tpimh avatar Apr 16 '22 16:04 tpimh

> I have my keys as .crt (R3, ISRG Root X1 and DST Root CA X3 certificates inside) and .key (EC private key inside). How should I convert it to key.pem, cert.pem and combined.pem and restart all services automatically when the certificates change?

Just extract the certificate from the .crt since that would be the combined file

BigBrainAFK avatar Apr 16 '22 16:04 BigBrainAFK

I mount the entire /etc/letsencrypt folder into the iredmail docker under /etc/letsencrypt and create symlinks in /opt/iremail/ssl to point to the correct key and pem files. My cron job will try to update the cert file every month and will restart the container if the cert is updated. So far no issues.

fleek avatar Jul 21 '22 06:07 fleek

> My temporary workaround is having a cronjob run 30 minutes after the certbot one and copying the certs to the iredmail/data/ssl folder on the host, giving them the right names.
>
> cert.pem -> cert.pem
> fullchain.pem -> combined.pem
> privkey.pem -> key.pem
>
> Then I restart the entire container since I found just restarting the services postfix, dovecot, nginx, mysql leaves them broken sometimes.
>
> P.S.: having it be able to identify the letsencrypt/certbot names would be very cool though

Solved my problem, thank you

homuraLan avatar Aug 09 '23 07:08 homuraLan
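
The copy-and-rename workaround from the comments above, as an added shell example that is not from the thread or the project: it copies real files instead of symlinks, keeps key.pem owner-only, and restarts the container only when a file actually changed. The source directory, destination directory and container name are assumptions passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments (all assumptions):
#   $1 certbot live dir, $2 host ssl dir mounted into the container, $3 container name

# sync_certs SRC DST
# Copies certbot's files into DST under the names used in the thread.
# Returns 0 if a file changed, 1 if DST was already current, 2 on error.
sync_certs() {
    src=$1 dst=$2 changed=1
    for pair in cert.pem:cert.pem fullchain.pem:combined.pem privkey.pem:key.pem; do
        from=$src/${pair%%:*}
        to=$dst/${pair##*:}
        [ -r "$from" ] || { echo "missing: $from" >&2; return 2; }
        # Skip only if the target is a regular file (not a symlink) with identical content.
        if [ -f "$to" ] && [ ! -L "$to" ] && cmp -s "$from" "$to"; then
            continue
        fi
        # mktemp creates the file with mode 600, so the key is never world-readable.
        tmp=$(mktemp "$dst/.certsync.XXXXXX") || return 2
        # -L dereferences: entries in certbot's live/ are symlinks into archive/.
        cp -L "$from" "$tmp" || { rm -f "$tmp"; return 2; }
        case $to in
            */key.pem) chmod 600 "$tmp" ;;  # assumes the services read the key as root
            *)         chmod 644 "$tmp" ;;
        esac
        # Rename within DST so a reader never sees a half-written file.
        mv -f "$tmp" "$to" || { rm -f "$tmp"; return 2; }
        changed=0
    done
    return "$changed"
}

# Cron entry point, used only when all three arguments are given.
if [ "$#" -eq 3 ]; then
    sync_certs "$1" "$2"
    case $? in
        0) docker restart "$3" ;;  # restart the whole container, as in the thread
        1) ;;                      # nothing changed, leave the services running
        *) exit 1 ;;
    esac
fi
```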