You mean after copying the certificate file? BAsically if it fails to respond on the secure ports it is usually because it's got a faulty certificate that it cannot read or doesn't match it's private key file.

If you are copying them from your webserver you need surge_cert.pem (the certificate, and chain certs), and surge_priv.pem (the private key file).

Then restart surgemail, and check mail.err to see if it loaded those ok.

    (or tellmail ssl_reload on recent versions will also tell you something about if it can load the certificate file ok)

    ChrisP.

(in theory) Just setup a cron job that coppies the certificates into the
surgemail folder/file (surgemail/ssl/surge_cert.pem) and issues a
     tellmail ssl_reload

Thanks Chris.
I can't get a response from https://myserver:7025 - not even on the local system and on testing with telnet.
Same for Webmail on port 7443
Anything else I need to turn on?

(I believe the 143 is incorrect)

g_manager_secure_port - Manager secure port (default 143)

This should be the main server management port and provides a secure server management connection. By default it is port 7025. https://your.mail.server:7025. Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_manager_secure_port int