On 04-04-2024 at 18:06, Vladas Palubinskas via Info wrote:
> Hi,
>
> 2024-04-04 17:32 Paul van der Vlis via Info:
>> Difficult was also the fact that Cyrus runs completely as user Cyrus,
>> so it cannot read the certificates from certbot.
>
> I have made three copies of the same certificate:
> 1. http.pem -rw-r--r-- 644 me:wheel — for hiawatha.conf (HTTP server);
> 2. imap.cert -r--r--r-- 444 cyrus:cyrus — for imapd.conf (Cyrus server)
>    with imap.key -r-------- 400 cyrus:cyrus — its private key;
> 3. smtp.cert -r--r--r-- 444 root:mail — for myhost.cf (Sendmail server)
>    with smtp.key -r-------- 400 root:mail — its private key.
>
> Everything works smoothly, although I do not know if this is the best
> way — I am not an experienced sysadmin.

That will work, but the certificates will not automatically renew.
And with letsencrypt you have to do that every 90 days.
What I did was this:
adduser cyrus ssl-cert
chown -R :ssl-cert /etc/letsencrypt/archive /etc/letsencrypt/live
chmod g+rx /etc/letsencrypt/archive /etc/letsencrypt/live
chmod -R g+r /etc/letsencrypt/archive/
And in /etc/imapd.conf:
tls_server_cert: /etc/letsencrypt/live/host.domain.nl/fullchain.pem
tls_server_key: /etc/letsencrypt/live/host.domain.nl/privkey.pem
With regards,
Paul
--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/
------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T8d60d197a1e2469b-Mcf99209237f8eaa7f5380c8e
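
Added example (not part of the message above and not Cyrus or certbot code): a shell check that the group-based setup Paul describes really lets the service group reach the files behind the `live/` symlinks, and that the private key has not become world-readable along the way. It assumes GNU coreutils and that the daemon user does not own the files; `can_group` and `check_tls_perms` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: audit a certbot lineage for group-based access.
# Assumes GNU coreutils (stat -c, readlink -f) and that the daemon
# user is not the owner of the files (certbot runs as root).

# can_group NEED PATH GROUP: succeed if a member of GROUP gets the NEED
# permission bits (4 = read, 1 = traverse) on PATH.
can_group() {
    st=$(stat -c '%G %a' "$2") || return 1
    perm=$((0${st##* }))            # octal mode, e.g. 0750
    # Only one class applies: the group bits if PATH belongs to GROUP,
    # otherwise the "other" bits.
    if [ "${st% *}" = "$3" ]; then perm=$((perm >> 3)); fi
    [ $((perm & $1)) -eq "$1" ]
}

# check_tls_perms LIVE_DIR GROUP
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_tls_perms() {
    live_dir=$1; group=$2; rc=0
    # live/ only holds symlinks into archive/; inspect the real files.
    key=$(readlink -f "$live_dir/privkey.pem" || :)
    crt=$(readlink -f "$live_dir/fullchain.pem" || :)
    for f in "$crt" "$key"; do
        [ -f "$f" ] || { echo "MISSING file under $live_dir"; return 1; }
        can_group 4 "$f" "$group" || { echo "UNREADABLE $f"; rc=1; }
    done
    # Every directory on the symlink side and the target side must be
    # traversable, or the open() fails no matter what the file mode says.
    for d in "${live_dir%/*}" "$live_dir" "${key%/*/*}" "${key%/*}"; do
        can_group 1 "$d" "$group" || { echo "NO-TRAVERSE $d"; rc=1; }
    done
    # Group access must not be bought by making the key world-readable.
    kmode=$(stat -c %a "$key")
    [ $((0$kmode & 4)) -eq 0 ] || { echo "WORLD-READABLE $key"; rc=1; }
    return "$rc"
}

# Usage: sh check.sh /etc/letsencrypt/live/host.domain.nl ssl-cert
if [ $# -eq 2 ]; then check_tls_perms "$1" "$2"; fi
```

Run after each renewal, it reports if a newly written key or directory is no longer reachable by the group.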