Letsencrypt を postfix, dovecotで使う

自分用メモ

letsencrypt

• インストール方法は以下公式マニュアルを読む
  • http://letsencrypt.readthedocs.org/en/latest/using.html#letsencrypt-auto
• nginx プラグインは、まだexperimental
  • 参考: User Guide — Let's Encrypt 0.2.0.dev0 documentation
• 証明書は3ヶ月ごとに更新される。更新の自動化する必要あり
  • User Guide — Let's Encrypt 0.2.0.dev0 documentation
• Python 2.7が必要。CentOS6は、Python 2.6なので、別途Python 2.7のインストールが必要
  • 参考: Redhat / CentOS 6.x users need python 2.7 - Server - Let's Encrypt Community Support

• サブドメインを追加する時は、-d で追加していく

  • Tutorial on ejabberd, postfix, dovecot and or nginx with letsencrypt - Let's Encrypt Community Support

• インストール場所

  • /etc/letsencrypt/live/example.com/fullchain.pem

postfix & dovecot

• Simple Guide: Using Lets Encrypt SSL certs with Dovecot - Server - Let's Encrypt Community Support

• Tutorial on ejabberd, postfix, dovecot and or nginx with letsencrypt - Let's Encrypt Community Support

• Use on non-web servers? - Server - Let's Encrypt Community Support

postfix

ln -s /etc/letsencrypt/live/domain.tld/privkey.pem /etc/postfix/ssl.key
ln -s /etc/letsencrypt/live/domain.tld/fullchain.pem /etc/postfix/ssl.cert

edit both configs so they point to key and cert
doveadm reload && /etc/init.d/postfix restart

dovecot

/etc/dovecot/conf.d/10-ssl.conf

ssl_cert = </etc/letsencrypt/live/YOURSITE/fullchain.pem
ssl_key = </etc/letsencrypt/live/YOURSITE/privkey.pem

letsencrypt-auto script

encrypt.sh

/tmp/git/letsencrypt/letsencrypt-auto certonly --webroot /var/www/example.jp/www -d example.jp -d www.example.jp -d mail.example.jp

renew SSL

renew-letsencrypt.sh

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:/opt/rh/python27/root/usr
/lib64
#/etc/init.d/httpd stop
cd /tmp/git/letsencrypt && ./letsencrypt-auto certonly --renew-by-default -d example.jp -d www.example.jp -d mail.example.jp
/etc/init.d/httpd restart