dovecot - Aug 2017 - is a self signed certificate always invalid the first time?

Cheers Remko and Ralph. I think there was some mention in the lets encrypt FAQ
that certbot doesn't do email.

But I understand I can use their generated very for dovecot, postfix and https?
That would be good indeed.

Anyone know of any manual, or can I just replace the certs in the dovecot and
postfix locations with theirs? Do dovecot, postfix and apache all support .pem
format?

Sent from my iPhone
> On 9 Aug 2017, at 17:07, Ralph Seichter <m16+dovecot at
monksofcool.net> wrote:
> 
>> On 09.08.2017 17:49, Alef Veld wrote:
>> 
>> I think let?s encrypt uses certbot though and it can?t do email
>> certificates (although i?m sure i can convert the cert i get from
>> let?s encrypt, i?ll look into it.
> 
> I'm not sure what you mean by "can?t do email certificates"?
In any
> case, Let's Encrypt issues certificates that can be used by Dovecot
> for IMAP and simultaneously by Apache or nginx for HTTPS and Postfix
> for SMTP. The certificates are issued for servers, not for specific
> software or protocols.
> 
> -Ralph

Yes, yes, and yes. 

This is what I do for https://webmail.lerctr.org, imap.lerctr.org,
smtp.lerctr.org, et al.


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
 

On 8/9/17, 11:19 AM, "dovecot on behalf of Alef Veld"
<dovecot-bounces at dovecot.org on behalf of alefveld at outlook.com>
wrote:

    Cheers Remko and Ralph. I think there was some mention in the lets encrypt
FAQ that certbot doesn't do email.
    
    But I understand I can use their generated very for dovecot, postfix and
https? That would be good indeed.
    
    Anyone know of any manual, or can I just replace the certs in the dovecot
and postfix locations with theirs? Do dovecot, postfix and apache all support
.pem format?
    
    Sent from my iPhone
    
    > On 9 Aug 2017, at 17:07, Ralph Seichter <m16+dovecot at
monksofcool.net> wrote:
    > 
    >> On 09.08.2017 17:49, Alef Veld wrote:
    >> 
    >> I think let?s encrypt uses certbot though and it can?t do email
    >> certificates (although i?m sure i can convert the cert i get from
    >> let?s encrypt, i?ll look into it.
    > 
    > I'm not sure what you mean by "can?t do email
certificates"? In any
    > case, Let's Encrypt issues certificates that can be used by Dovecot
    > for IMAP and simultaneously by Apache or nginx for HTTPS and Postfix
    > for SMTP. The certificates are issued for servers, not for specific
    > software or protocols.
    > 
    > -Ralph

On 09.08.2017 18:18, Alef Veld wrote:
> Anyone know of any manual, or can I just replace the certs in the
> dovecot and postfix locations with theirs? Do dovecot, postfix and
> apache all support .pem format?
Google "dovecot letsencrypt" is your friend. ;-) If you have questions
about details, we can discuss them of course. Also, please limit your
replies to my messages to the mailing list; you keep triggering my spam
protection.

-Ralph

Thank you Ralph. I?ll have a look around myself first, don?t want others to
waste their time on my homework.

Sorry for some reason i get replies from every individual , so when i reply it
sends it to both.
I would expect replies to come from dovecot at dovecot.org as well.

I will strip the individual emails out and just reply to
dovecot.
> On 9 Aug 2017, at 17:30, Ralph Seichter <m16+dovecot at
monksofcool.net> wrote:
> 
> On 09.08.2017 18:18, Alef Veld wrote:
> 
>> Anyone know of any manual, or can I just replace the certs in the
>> dovecot and postfix locations with theirs? Do dovecot, postfix and
>> apache all support .pem format?
> 
> Google "dovecot letsencrypt" is your friend. ;-) If you have
questions
> about details, we can discuss them of course. Also, please limit your
> replies to my messages to the mailing list; you keep triggering my spam
> protection.
> 
> -Ralph

Great, i?ll try that out.
> On 9 Aug 2017, at 17:20, Larry Rosenman <larryrtx at gmail.com>
wrote:
> 
> Yes, yes, and yes. 
> 
> This is what I do for https://webmail.lerctr.org, imap.lerctr.org,
smtp.lerctr.org, et al.
> 
> 
> -- 
> Larry Rosenman                     http://www.lerctr.org/~ler
> Phone: +1 214-642-9640                 E-Mail: larryrtx at gmail.com
> US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
> 
> 
> On 8/9/17, 11:19 AM, "dovecot on behalf of Alef Veld"
<dovecot-bounces at dovecot.org on behalf of alefveld at outlook.com>
wrote:
> 
>    Cheers Remko and Ralph. I think there was some mention in the lets
encrypt FAQ that certbot doesn't do email.
> 
>    But I understand I can use their generated very for dovecot, postfix and
https? That would be good indeed.
> 
>    Anyone know of any manual, or can I just replace the certs in the
dovecot and postfix locations with theirs? Do dovecot, postfix and apache all
support .pem format?
> 
>    Sent from my iPhone
> 
>> On 9 Aug 2017, at 17:07, Ralph Seichter <m16+dovecot at
monksofcool.net> wrote:
>> 
>>> On 09.08.2017 17:49, Alef Veld wrote:
>>> 
>>> I think let?s encrypt uses certbot though and it can?t do email
>>> certificates (although i?m sure i can convert the cert i get from
>>> let?s encrypt, i?ll look into it.
>> 
>> I'm not sure what you mean by "can?t do email
certificates"? In any
>> case, Let's Encrypt issues certificates that can be used by Dovecot
>> for IMAP and simultaneously by Apache or nginx for HTTPS and Postfix
>> for SMTP. The certificates are issued for servers, not for specific
>> software or protocols.
>> 
>> -Ralph
> 
> 
>