On 1/02/2019 11:35 AM, Frank Bulk
wrote:
Chris,
Thanks, I had missed your previous
response(s).
Two follow up questions:
- What happens
if you forget to exclude those certain domains – are the
certificates in the SSL directory ignored and those
auto-generated in lets used?
Yes if you forget the setting it will probably over-write the
ones you've coppied in with new letsencrypt ones.
- And how do
you “recover” if then want to have custom SSL certificates –
do you just add them to g_ssl_lets_exclude, copy the files
for that domain from the ssl directory to the lets
directory, and execute “tellmail reload”? Or do you have to
restart Surgemail?
Yes fix the exclude setting, copy them again from ssl to lets
folder, and
tellmail ssl_update
should be sufficient.
ChrisP.
Frank
Yes
you can but it's a bit tricky.
Step
1) You need a recent build 7.3p at least
Step
2) You copy the ssl directory tree to the lets directory
tree (or the relevant domains folders at least)
Step
3) you set G_SSL_LETS_EXCLUDE "mail.xyz.com,mail.fred.com"
On
Tuesday 29/01/2019 at 3:42 am, Frank Bulk wrote:
Any
feedback on this? Can we turn this on only for those
domains we don’t already have a separate certificate
in place?
Frank
Thanks,
I had been meaning to ask if we could turn this on
only for domains that we don't already have a cert in
place.
Frank
Sent from my Android phone using TouchDown (www.symantec.com)
-----Original Message-----
From: Jeff Crowe [jeff@wtccommunications.ca]
Received: Wednesday, 31 Oct 2018, 11:35AM
To: surgemail-list@netwinsite.com
[surgemail-list@netwinsite.com]
Subject: [SurgeMail List] g_ssl_auto feature -
how?
Hi
there,
I
have been looking for a fix for my broken Chrome
SSL certs today and ran across this gem on the
surgemail site:
SurgeMail
Version 7.3j2 or later
With
this version of surgemail ssl certificates are
created and signed completely automatically for
all domains, with one setting, no certbot or
other external programs are required!
What
signing authority is being used?
Is
it lets encrypt built into surgemail?
Will
it enable add certs for all services like pop3,
imap, smtp as well as https?
Will
it automatically new certs close to expiration?
and
lastly, where do I download this version? the
current version on the download site is 7.3i2.
Inquiring
minds want to know!
|