X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=115-188-46-83-adsl.sparkbb.co.nz;
X-Received: from [192.168.1.65] (115-188-46-83-adsl.sparkbb.co.nz [115.188.46.83])
by netwin.co.nz (SurgeMail 7.3p) with ESMTP (TLS) id 4694294-1391920
for <surgemail-list@netwin.co.nz>; Wed, 31 Oct 2018 20:42:00 +0000
X-Return-Path: surgemail-support
Subject: Re: [SurgeMail List] g_ssl_auto feature - how?
To: surgemail-list@netwin.co.nz
References: <1541017409_534@mail>
From: Surgemail Support
Message-ID: <5fbe1131-ce9f-1f2c-9753-e7405289b966@netwinsite.com>
Date: Thu, 1 Nov 2018 09:41:54 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <1541017409_534@mail>
Content-Language: en-US
X-Authenticated-User: surgemail-support
X-Rcpt-To: <surgemail-list@netwin.co.nz>
X-SpamDetect: : 0.000000
X-Info: aspam skipped due to (g_smite_skip_relay)
X-Encryption: SSL encrypted
X-IP-stats: Incoming Last 0, First 6, in=87, out=0, spam=0 ip=115.188.46.83
List-Unsubscribe: <mailto:surgemail-list-leave@netwin.co.nz?subject=unsubscribe>
X-Mailing-List: surgemail-list@netwin.co.nz
List-ID: <surgemail-list@netwin.co.nz>
Precedence: bulk
Reply-To: surgemail-list@netwin.co.nz
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
It's not so easy, but it can still work. The problem is
authentication MUST be done on port 80, so if your web server owns
that port, then it has to take part.
In that situation you have two choices.
1) You can run another letsencrypt client that is integrated
with your web server, and copy the resulting certificates and keys
into surgemail. (this is the bad option)
2) You can user the setting: g_ssl_lets_path
"/home/httpd/.well-known" to tell surgemail where to find the
webservers well known path, in which it will place files to
accomplish the authentication step. This can work really nicely.
The only issue you have is making sure that path is 'writeable' by
the user 'mail'. And make sure your webserver responds for all
domains that you want to support.
ChrisP.
On 1/11/2018 9:22 AM, eddie wrote:
Hi Chris,
Will this still work if you ar running an web server as well?
Thanks
Eddie
Sent from my
Samsung Galaxy smartphone.
-------- Original message --------
Date: 1/11/18 09:11 (GMT+12:00)
Subject: Re: [SurgeMail List] g_ssl_auto feature - how?
On 1/11/2018 7:34 AM, Jeff Crowe
wrote:
Hi there,
I have been looking for a fix for my broken Chrome
SSL certs today and ran across this gem on the surgemail site:
SurgeMail
Version 7.3j2 or later
With this version of surgemail ssl certificates are
created and signed completely automatically for all domains,
with one setting, no certbot or other external programs
are required!
I have questions!
What signing authority is being used?
Letsencrypt.
Is it lets encrypt built into surgemail?
Yes.
Will it enable add certs for all services like
pop3, imap, smtp as well as https?
Yes.
Will it automatically new certs close to
expiration?
Yes.
and lastly, where do I download this version?
the current version on the download site is 7.3i2.
http://netwinsite.com/surgemail/betadownloads.htm
ChrisP.
Inquiring minds want to know!
Thanks
Jeff Crowe
WTC Communications