We don't support wildcard certificates in letsencrypt in surgemail, but we do allow aliases, just add
ssl_alias settings to the domain in question for any needed aliases.

ChrisP.

On Saturday 18/05/2019 at 3:56 am, Frank Bulk wrote:

Chris,

I’ve just learned that an SSL certificate is only created with the domain listed in “url_host”.

- We currently have an SSL certificate that includes webmail and SAN (subject alternative names) pop3, smtp, and imap. Is there support in SM for that? We really can’t stop doing that without creating a huge support nightmare. https://letsencrypt.org/docs/faq/
- What if we want a wildcarded LE certificate? https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

Kind regards,

Frank

From: Surgemail Support <surgemail-support@netwinsite.com>
Sent: Thursday, January 31, 2019 5:07 PM
To: surgemail-list@netwin.co.nz
Subject: Re: [SurgeMail List] g_ssl_auto feature - how?

On 1/02/2019 11:35 AM, Frank Bulk wrote:

Chris,

Thanks, I had missed your previous response(s). Two follow up questions:

- What happens if you forget to exclude those certain domains – are the certificates in the SSL directory ignored and those auto-generated in lets used?

Yes, if you forget the setting it will probably over-write the ones you've copied in with new letsencrypt ones.

- And how do you “recover” if you then want to have custom SSL certificates – do you just add them to g_ssl_lets_exclude, copy the files for that domain from the ssl directory to the lets directory, and execute “tellmail reload”? Or do you have to restart Surgemail?

Yes, fix the exclude setting, copy them again from ssl to lets folder, and tellmail ssl_update should be sufficient.

ChrisP.

-
Frank

Yes you can but it's a bit tricky.

Step 1) You need a recent build 7.3p at least
Step 2) You copy the ssl directory tree to the lets directory tree (or the relevant domains folders at least)
Step 3) You set G_SSL_LETS_EXCLUDE "mail.xyz.com,mail.fred.com"

On Tuesday 29/01/2019 at 3:42 am, Frank Bulk wrote:

Any feedback on this? Can we turn this on only for those domains we don’t already have a separate certificate in place?

Frank

Thanks, I had been meaning to ask if we could turn this on only for domains that we don't already have a cert in place.

Frank
Sent from my Android phone using TouchDown (www.symantec.com)

-----Original Message-----
From: Jeff Crowe [jeff@wtccommunications.ca]
Received: Wednesday, 31 Oct 2018, 11:35AM
To: surgemail-list@netwinsite.com [surgemail-list@netwinsite.com]
Subject: [SurgeMail List] g_ssl_auto feature - how?

Hi there,

I have been looking for a fix for my broken Chrome SSL certs today and ran across this gem on the surgemail site:

SurgeMail Version 7.3j2 or later
With this version of surgemail ssl certificates are created and signed completely automatically for all domains, with one setting, no certbot or other external programs are required!

What signing authority is being used? Is it lets encrypt built into surgemail? Will it enable add certs for all services like pop3, imap, smtp as well as https? Will it automatically new certs close to expiration? And lastly, where do I download this version? The current version on the download site is 7.3i2.

Inquiring minds want to know!
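
The following is an added example, not part of the thread and not SurgeMail code: it checks which client-facing hostnames a certificate's name list covers, which shows why, without wildcard support, each of the webmail, pop3, smtp and imap names has to be present as the url_host or an alias. The `example.com` hostnames and the function names are constructed for illustration.

```python
"""Added example: which service hostnames does a certificate's name list cover?"""


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and must be
        # followed by at least two fixed labels ("*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial or non-leading wildcards ("w*.x.com", "a.*.com") are refused.
    return "*" not in pattern and p == h


def uncovered(service_hosts, cert_names):
    """Return the hostnames, in input order, that no certificate name covers."""
    return [h for h in service_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data (placeholder hostnames, not taken from the thread).
SERVICES = ["webmail.example.com", "pop3.example.com",
            "smtp.example.com", "imap.example.com"]
URL_HOST_ONLY = ["webmail.example.com"]          # certificate with one name
WITH_ALIASES = URL_HOST_ONLY + SERVICES[1:]      # one alias per service name
WILDCARD = ["*.example.com"]                     # not available per the reply

if __name__ == "__main__":
    for label, names in (("url_host only", URL_HOST_ONLY),
                         ("url_host + aliases", WITH_ALIASES),
                         ("wildcard", WILDCARD)):
        print(f"{label:20} uncovered: {uncovered(SERVICES, names)}")
```

Running the same check against the names actually present on a deployed certificate gives the list of hostnames that mail clients would reject until they are added as aliases.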