On 22/4/22 7:25 am, alice at coakmail.com wrote:> hello > > I have setup website using letsencrypt for certification. > how can I setup IMAP to use this certs as well? > > Thank you. >Make entries in /etc/dovecot/conf.d/10-ssl.conf ssl = required ssl_cert = </etc/letsencrypt/live/mail.example.com/cert.pem ssl_key = </etc/letsencrypt/live/mail.examplel.com/privkey.pem in /etc/dovecot/dovecot.conf or in /etc/dovecot/conf.d/10-ssl.conf put ssl_min_protocol = TLSv1.2 ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_prefer_server_ciphers = yes You can override the global ssl certificates for specific domains in /etc/dovecot/dovecot.conf local special.example.com { ? protocol imap { ??? ssl_cert = </etc/letsencrypt/live/special.example.com/fullchain.pem ??? ssl_key = </etc/letsencrypt/live/special.example.com/privkey.pem ? } } -- Jeremy -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20220422/b7518851/attachment.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20220422/b7518851/attachment.sig>
> > On 22/4/22 7:25 am, alice at coakmail.com wrote: >> hello >> >> I have setup website using letsencrypt for certification. >> how can I setup IMAP to use this certs as well? >> >> Thank you. >> > Make entries in /etc/dovecot/conf.d/10-ssl.conf > > ssl = required > > ssl_cert = </etc/letsencrypt/live/mail.example.com/cert.pem > ssl_key = </etc/letsencrypt/live/mail.examplel.com/privkey.pem > > > in /etc/dovecot/dovecot.conf or in /etc/dovecot/conf.d/10-ssl.conf > > put > > ssl_min_protocol = TLSv1.2 > ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM > ssl_prefer_server_ciphers = yes > > You can override the global ssl certificates for specific domains in > /etc/dovecot/dovecot.conf >Thanks. I will give a try. after enabling SSL, can I disable port 143 entirely?
__________ I'm using this dedicated address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors. El 22/4/22 a les 1:40, Jeremy Ardley ha escrit:> > On 22/4/22 7:25 am, alice at coakmail.com wrote: >> hello >> >> I have setup website using letsencrypt for certification. >> how can I setup IMAP to use this certs as well? >> >> Thank you. >> > Make entries in /etc/dovecot/conf.d/10-ssl.conf > > ssl = required > > ssl_cert = </etc/letsencrypt/live/mail.example.com/cert.pem > ssl_key = </etc/letsencrypt/live/mail.examplel.com/privkey.pem > > > in /etc/dovecot/dovecot.conf or in /etc/dovecot/conf.d/10-ssl.conf > > put > > ssl_min_protocol = TLSv1.2 > ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM > ssl_prefer_server_ciphers = yes > > You can override the global ssl certificates for specific domains in > /etc/dovecot/dovecot.conf > > local special.example.com { > ? protocol imap { > ??? ssl_cert = </etc/letsencrypt/live/special.example.com/fullchain.pem > ??? ssl_key = </etc/letsencrypt/live/special.example.com/privkey.pem > > ? } > } >+ You should sure "dovecot" service account has read access to /etc/letsencrypt/live/special.example.com/privkey.pem p.e. by adding account to a common group with LE files.