This has Godaddy, LetsEncrypt, and Self-Signed.
On 5/13/2021 11:04 AM, Scott Hughes wrote:
Is there a howto or a page that details how to properly install the
certificate I purchased? Thanks!
On May 12, 2021, at 11:29, Eric Broch <[email protected]> wrote:
Here's my auto renew script:
<le>
#!/bin/bash
# When to renew, days before expiration
days=3
today=`date`
today=`date --date="$today" --utc +%s`
# FQDN for which to renew certificate
fqdn=host.domain.tld
certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed
's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate for FQDN $fqdn expires in $diff day(s)"
# Renew if we're within the days parameter
if [ $diff -le $days ]
then
echo "Renew certificate $fqdn ..."
certbot renew --cert-name $fqdn
echo "Reload httpd..."
systemctl reload httpd
systemctl status httpd
echo "Install certificate for QMT..."
cat /etc/letsencrypt/live/$fqdn/privkey.pem
/etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp /my/dir/path/servercert.pem /var/qmail/control/servercert.pem
qmailctl stop && sleep 5 && qmailctl start
systemctl restart dovecot
fi
echo "Done..."
exit 0
</le>
In crontab
@daily /my/dir/path/le
On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:
Remo,
I use LetsEncrypt, but I tell everyone who uses the service to use
“secure.carlc.com” as the email server name. This causes the IMAP
SSL to match up with the FQDN they are looking for. I never have an
issue when LetsEncrypt does it automatic update [which is every 60
days as recommended by LetsEncrypt’s certbot] and the customer never
gets a SSL cert mismatch.
Carl
*From:*Remo Mattei [mailto:[email protected]]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* [email protected]
*Subject:* Re: [qmailtoaster] Certificate
Yes the thing is 10 dollars for 2 years nothing to change whereas,
letencrypt, need to change every 90 days and IMAP will prompt you
for a new cert.. not ideal for customers if you do for your personal
servers then that’s good.
Remo
On May 11, 2021, at 4:04 PM, Rodrigo Cortes <[email protected]
<mailto:[email protected]>> wrote:
Hi!
Use letencrypt, is free :)
El mar, 11 may 2021 a las 18:49, <[email protected]
<mailto:[email protected]>> escribió:
Ssls.com <http://Ssls.com>
> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes
<[email protected] <mailto:[email protected]>>
ha scritto:
>
> Where is the cheapest place to get a certificate for my
server. The server is in the USA if that matters. Thank you!
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
> For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
>
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
