Can Abyss create Let's Encrypt Certificates for SMTP etc. ?

 
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

Posted: Wed Oct 23, 2019 10:43 am    Post subject: Can Abyss create Let's Encrypt Certificates for SMTP etc. ?

Hi,

I would like to create Let's Encrypt certificates for URLs which are not served directly by Abyss e.g. smtp.exampledomain.co.uk for my smtp server software which runs on the same Windows PC as Abyss.

Is this possible?

Thanks,

David
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

Posted: Sat Oct 26, 2019 11:14 am    Post subject: Re: Can Abyss create Let's Encrypt Certificates for SMTP etc

DavidQ,

This is possible and the latest version of 2.12.1 has a relatively "hidden" feature to make exporting the retrieved certificate possible.

All you have to do is to configure a Web host with that name and set it to get its certificate from Let's Encrypt. The Web host needs only to have an empty directory and no files.

Next, in the console, select "Configure" associated with the host, next "General", next "Edit" in "Advanced Parameters", next "Edit" in "SSL/TLS Parameters", next "Edit" in "ACME Parameters", next "Edit" in "Advanced Parameters".

Two fields in that last screen are displayed:
* "Path of the private key file copy (updated upon each renewal)"
* "Path of the certificate file copy (updated upon each renewal)"

The two fields could be configured with paths where the files (cert and private key) will be saved after each renewal of the certificate from Let's Encrypt.

You can then point your other software (the SMTP server for example) to these two files to use them as its cert and private key files.

We'll be waiting for your feedback.
_________________
Forum Administrator
Aprelium - https://aprelium.com
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

Posted: Sat Oct 26, 2019 10:59 pm

Thanks for your assistance, I would appreciate some clarification.

First, (if I understand this correctly) if I want a separate certificate exported for smtp etc. then I need to set up a new host called smtp.exampledomain.co.uk then set its configuration values to...

Protocol : HTTP+HTTPS
HTTP Port : Default HTTP Port (80)
HTTPS Port : Default HTTP Port (443)

Which enables me to select a certificate type as follows...
Certificate Type : From an ACME Account
ACME Account : LE Account

The end result creates a new host called http://smtp.exampledomain.co.uk

Is that right? http://smtp... doesn't seem correct somehow?

Second, I am unclear as to what the values should be for...
* "Path of the private key file copy (updated upon each renewal)"
* "Path of the certificate file copy (updated upon each renewal)"

Do I need to copy a file from somewhere as a default value?
Could you please provide an example?

Thirdly, if I simply add the smtp.exampledomain.co.uk to my existing www.exampledomain.co.uk Abyss host configuration, does Abyss/Let's Encrypt include the smtp.exampledomain.co.uk as an extra certificate component in the existing certificate that is created for www.exampledomain.co.uk (the www certificate that gets stored in the Abyss kcstore folder) ? Thereby effectively making a single certificate containing multiple sub-domains?

I will look forward to your reply.

Many Thanks,

David
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

Posted: Wed Nov 06, 2019 4:25 pm

(We're already exchanging with DavidQ about this topic by email. We are reposting here our replies in case other users need the same feature.)

Regarding the example for the paths, simply create a directory on your hard drive (for example C:\mycerts) and configure each of the paths to C:\mycerts\cert1.pem (for storing the certificate) and C:\mycerts\key1.pem (for storing the private key).

So each change or update of the certificate from Let's Encrypt will result in both these files being updated. You can then point the SMTP server to use both these files for the SSL configuration.

Regarding the use of other names, this is possible and is actually a great workaround to reduce the number of certificates and hosts. So you could associate several names with the main host and use the certificate for both the Web host and the SMTP host.
_________________
Forum Administrator
Aprelium - https://aprelium.com
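
A post-renewal check for the setup described in this thread, added here as an example (it is not part of the thread and not Aprelium's code): it confirms that the exported key belongs to the exported certificate and that the SMTP server is actually presenting that certificate rather than a stale one. The paths and host name are the ones quoted above; STARTTLS on port 25 and a PEM file with the leaf certificate first are assumptions.

```python
import hashlib
import re
import smtplib
import ssl

# Values taken from the thread; port 25 with STARTTLS is an assumption.
CERT_PATH = r"C:\mycerts\cert1.pem"
KEY_PATH = r"C:\mycerts\key1.pem"
SMTP_HOST = "smtp.exampledomain.co.uk"

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (leaf assumed first)."""
    block = PEM_BLOCK.search(pem_text)
    if block is None:
        raise ValueError("no PEM certificate found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(block.group(0))).hexdigest()

def key_matches_cert(cert_path, key_path):
    """True only if both files load and the private key belongs to the cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(cert_path, key_path)  # raises on mismatch or bad file
        return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

def served_fingerprint(host, port=25):
    """SHA-256 of the certificate the SMTP server presents after STARTTLS."""
    ctx = ssl.create_default_context()  # also validates chain and host name
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return hashlib.sha256(smtp.sock.getpeercert(binary_form=True)).hexdigest()

def check_export(cert_path, key_path, host, port=25):
    """Return a list of problems; an empty list means the export is in use."""
    if not key_matches_cert(cert_path, key_path):
        return ["certificate and key files are missing, unreadable or mismatched"]
    with open(cert_path, encoding="ascii") as fh:
        exported = leaf_fingerprint(fh.read())
    if served_fingerprint(host, port) != exported:
        return ["SMTP server presents a different certificate (reload it?)"]
    return []

if __name__ == "__main__":
    print(check_export(CERT_PATH, KEY_PATH, SMTP_HOST) or "OK")
```

A fingerprint mismatch right after a renewal typically means the SMTP service read the old files at start-up and has not reloaded them.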