search for: letsencrypt

Displaying 20 results from an estimated 556 matches for "letsencrypt".

2018 Aug 29
3
SNI Dovecot
Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem I got a warning of cou...
2017 Mar 03
6
letsencrypt
Hello, I know some users here are using letsencrypt for their CA. If this is to off topic write me privately. I'm wanting letsencrypt to take over as my CA, replacing existing self signed certificates. I've got web working, a certificate for https sites and one for webmail as they have different names. What I'm now wanting to do is get...
2018 Sep 15
1
icecast ssl and letsencrypt renewal
Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the ke...
2018 Sep 06
2
icecast ssl and letsencrypt renewal
That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart icecast On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity <zer0___ at hotmail.com<mailto:zer0___ at hotmail.com>> wrote: Hi all, I have setup icecast to w...
2017 Mar 03
3
letsencrypt
...there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr <mine at michi.su> wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt for their CA. If this is >> to off topic write me privately. >> >> I'm wanting letsencrypt to take over as my CA, replacing existing self >> signed certificates. I've got web working, a certificate for https >> sites and one for webmail as they have different n...
2016 Aug 19
5
a question about certificates from letsencrypt
Hello! Certificates from letsencrypt are renewed every three months. Does that mean a MUA has to accept the renewed certificates manually everytime it is renewed? Sorry if this is OT! Greetings Andreas
2020 Jul 01
4
local stanza only generated for IPv6
...a mail server with multiple IP addresses and associated DNS names In the dovecot configuration I have a listen directive: ??? listen = mail.example.com.com,mail.otherexample.com,localhost Multiple local stanzas are of the form: local mail.example.com { ? protocol imap { ???? ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ???? ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem ???? service imaps_login { ?????? inet_listener imaps { ???????? address=mail.example.com ?????? } ?????? inet_listener imap { ???????? address=mail.example.com ?????? } ???? } ? } } mail.exa...
2017 Mar 03
0
letsencrypt
On 2017-03-03 19:07, David Mehler wrote: > Hello, > > I know some users here are using letsencrypt for their CA. If this is > to off topic write me privately. > > I'm wanting letsencrypt to take over as my CA, replacing existing self > signed certificates. I've got web working, a certificate for https > sites and one for webmail as they have different names. What I'm...
2018 Sep 06
2
icecast ssl and letsencrypt renewal
Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certifica...
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24 > > Also, can you provide output of > > opens...
2018 Aug 31
0
SNI Dovecot
...st.https://dovecot.org/pipermail/dovecot /2018-July/112368.html Best regardsMartin Johannes Dauser On Wed, 2018-08-29 at 14:41 +0000, Nicolas wrote: > ?Hi all, > > I'm testing the SNI configuration from dovecot's wiki page, to have > multiple domains. > > I'm using letsencrypt certificates. > ? On the 10-ssl.conf, when I only use one domain, like this, it works > : > > ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem > ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem > ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/priv...
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
...The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key = </etc/letsencrypt/live/...../privkey.pem On 5/25/20 11:11 AM, Aki Tuomi wrote: > The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. > > If you are using LE cert you should c...
2018 Jul 30
4
dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt. Aki > On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > What acme implementation do you use for your letsencrypt certificates? > If it's acme.sh how do you get both rsa and ecc certificates? What > configuration options...
2017 Mar 20
2
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
The one that works fine was my openxchange server, that loads contacts from openldap. In my opinion I don't have installed a security framework list SELinux or AppArmor. The output of namei -l /etc/ssl/certs/LetsEncrypt.pem f: /etc/ssl/certs/LetsEncrypt.pem drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root ssl drwxr-xr-x root root certs lrwxrwxrwx root root LetsEncrypt.pem -> /etc/ssl/own/LetsEncrypt.crt drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr...
2020 Jan 23
3
PJSIP and Grandstream Wave with TSL and SRTP
...od = tlsv1_2 > cipher = > ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 > -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- > AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem > priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem Thanks, it still says SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 Why doe...
2017 Mar 03
0
letsencrypt
I have DNS setup as my auth, and use nsupdate to let it get the token. On 3/3/17, 12:07 PM, "dovecot on behalf of David Mehler" <dovecot-bounces at dovecot.org on behalf of dave.mehler at gmail.com> wrote: Hello, I know some users here are using letsencrypt for their CA. If this is to off topic write me privately. I'm wanting letsencrypt to take over as my CA, replacing existing self signed certificates. I've got web working, a certificate for https sites and one for webmail as they have different names. What I'm now...
2018 Sep 06
0
icecast ssl and letsencrypt renewal
Hello, How did you get icecast and letsencrypt certificates working? Thanks. Dave. On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote: > That’s what I have been looking for, thanks ! > > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen > Sent: donderdag 6 september 2018 22:21 > To: Icecas...
2016 Apr 13
2
Warning: Global setting won't change the setting inside an earlier filter
...ide a filter https://github.com/dovecot/core/commit/87404eae4581d7ef834f490507503e59a500066e My configuration is (shorted): # dovecot -n # 2.2.devel (87404ea): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (215349a) # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.10 [...] ssl_cert = </etc/letsencrypt/live/v083.violet.fastwebserver.de/fullchain.pem [...] ssl_key = </etc/letsencrypt/live/v083.violet.fastwebserver.de/privkey.pem [...] local_name imap.langzeittest.de { ssl_cert = </etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem ssl_key = </etc/letsencrypt/live/fahrerlag...
2017 Mar 03
0
letsencrypt
David Mehler <dave.mehler at gmail.com> writes: > I'm wanting letsencrypt to take over as my CA, replacing existing self > signed certificates. I've got web working, a certificate for https > sites and one for webmail as they have different names. What I'm now > wanting to do is get letsencrypt going for my email setup, the smtp > handled by postfix,...
2020 Aug 17
1
Apple Mail Since upgrade to dovecot 2.3.x unable to connect
...call failed: Invalid argument| || |Unfortunately, it doesn't reveal the name of the unsupported protocol. Also, what about the failed syscall? Does dovecot try and fail to open some file?| |Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:| |??? ssl = yes ??? ssl_cert = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/fullchain.pem ??? ssl_key = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/key.pem ??? ssl_ca = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/ca.pem ??? ssl_client_ca_dir = /etc/ssl/certs ??? ssl_dh = </etc/dovecot/dh.pem | |I would greatly appreciate any hints! | |Cheers,|...