> On 22/4/22 7:25 am, alice at coakmail.com wrote:
>> hello
>>
>> I have setup website using letsencrypt for certification.
>> how can I setup IMAP to use this certs as well?
>>
>> Thank you.
>>
> Make entries in /etc/dovecot/conf.d/10-ssl.conf
>
> ssl = required
>
> ssl_cert = </etc/letsencrypt/live/mail.example.com/cert.pem
> ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem
>
> in /etc/dovecot/dovecot.conf or in /etc/dovecot/conf.d/10-ssl.conf
>
> put
>
> ssl_min_protocol = TLSv1.2
> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
> ssl_prefer_server_ciphers = yes
>
> You can override the global ssl certificates for specific domains in
> /etc/dovecot/dovecot.conf
>

Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?

On 2022-04-22 01:44, alice at coakmail.com wrote:
> Thanks. I will give a try.
> after enabling SSL, can I disable port 143 entirely?

yes

On 22/4/22 7:44 am, alice at coakmail.com wrote:
>> On 22/4/22 7:25 am, alice at coakmail.com wrote:
>>
> Thanks. I will give a try.
> after enabling SSL, can I disable port 143 entirely?
>

Probably a bad idea. Many clients use STARTTLS on port 143 rather than TLS on port 993

--
Jeremy

>>> I have setup website using letsencrypt for certification.
>>> how can I setup IMAP to use this certs as well?
>>>
>> Make entries in /etc/dovecot/conf.d/10-ssl.conf
>>
>> ssl = required
>>
>> ssl_cert = </etc/letsencrypt/live/mail.example.com/cert.pem
>> ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem

Keep in mind the subject name (CN or SAN AltNames) of your certificate must match your IMAP server name, e.g. if your certificate is made for "www.mydomain.com", you'll have to configure your IMAP clients to also use "www.mydomain.com" as the IMAP server name.

This typically means the web and IMAP server must reside on the same server, otherwise you'll have to use the DNS challenge method to support multiple hostnames on the same certificate.

Joseph Tam <jtam.home at gmail.com>
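
An added example, not part of the thread or of Dovecot itself: a small Python check over the settings discussed above (`ssl`, `ssl_min_protocol`, `ssl_cert`, `ssl_key`) that flags a certificate and key taken from different Let's Encrypt directories or a directory name that differs from the IMAP hostname. The sample config is constructed, and treating the `live/<name>` directory as the certificate's hostname is an assumption; the certificate's SAN list is authoritative.

```python
import re
from pathlib import PurePosixPath

# Constructed sample of a 10-ssl.conf; hostnames are placeholders.
SAMPLE_CONF = """\
# constructed sample
ssl = yes
ssl_cert = </etc/letsencrypt/live/mail.example.com/cert.pem
ssl_key = </etc/letsencrypt/live/www.example.com/privkey.pem
ssl_min_protocol = TLSv1.1
"""

TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse_settings(text):
    """Return {key: value} for simple 'key = value' lines, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line.split("#", 1)[0].strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def lineage(value):
    """Directory name under .../live/ for a '<path' file value, else None."""
    parts = PurePosixPath(value.lstrip("<").strip()).parts
    return parts[parts.index("live") + 1] if "live" in parts[:-2] else None

def audit(text, imap_host):
    """Return a list of findings for the settings discussed in the thread."""
    s = parse_settings(text)
    findings = []
    if s.get("ssl") != "required":
        findings.append("ssl is not set to 'required'")
    proto = s.get("ssl_min_protocol")
    if proto not in TLS_ORDER or TLS_ORDER.index(proto) < TLS_ORDER.index("TLSv1.2"):
        findings.append("ssl_min_protocol is unset or below TLSv1.2")
    cert_dir = lineage(s.get("ssl_cert", ""))
    key_dir = lineage(s.get("ssl_key", ""))
    if cert_dir != key_dir:
        findings.append(f"ssl_cert and ssl_key directories differ: {cert_dir} vs {key_dir}")
    if cert_dir and cert_dir != imap_host:  # assumption: directory name is only a hint
        findings.append(f"certificate directory {cert_dir} is not {imap_host}; check the SAN list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "mail.example.com"):
        print("FINDING:", finding)
```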