1

Topic: Will there be integration with https://letsencrypt.org ?

Hello

Are there plans to integrate with https://letsencrypt.org ?
This would provide for an easy way to make encryption with official certificates easily deployable if iredmail would support automation with lets encrypt.

Mike


2

Re: Will there be integration with https://letsencrypt.org ?

I'm keeping my eyes on letsencrypt, definitely interested in this integration. Will try to integrate in a future release, but no promise when it will be implemented. Sorry.

3

Re: Will there be integration with https://letsencrypt.org ?

No worries - lets encrypt is still not even public beta, so we don't expect wonders regarding the timeline ;-)

Just good to know you are aware of it...

4

Re: Will there be integration with https://letsencrypt.org ?

Now it's in public beta wink

5

Re: Will there be integration with https://letsencrypt.org ?

I will try to understand how it works and how to integrate it, but have to wait until it's stable (out of beta).

6

Re: Will there be integration with https://letsencrypt.org ?

It basically "works" already with apache being the Webserver out of the box after upgrading Python to a more recent version than supported in the LTS of Ubuntu e.g.

Drawback is - while the SSL now is working fine it breaks all sites apart from webmail - no more admin etc.

If those changes can be reverted it would be already a fine solution big_smile

7

Re: Will there be integration with https://letsencrypt.org ?

I have LetsEncrypt working on Centos 7.2 with Iredmail 0.9.3. It's fairly straightforward installation. If I get time I'll provide instructions of how this was accomplished on my system.

8

Re: Will there be integration with https://letsencrypt.org ?

dsp3 wrote:

I have LetsEncrypt working on Centos 7.2 with Iredmail 0.9.3. It's fairly straightforward installation. If I get time I'll provide instructions of how this was accomplished on my system.

Any progress on that?

9

Re: Will there be integration with https://letsencrypt.org ?

No progress yet.

Note: there're several third-party letsencrypt clients available on github/bitbucket, it's ok to use them to get ssl cert.

10

Re: Will there be integration with https://letsencrypt.org ?

ZhangHuangbin wrote:

No progress yet.

Note: there're several third-party letsencrypt clients available on github/bitbucket, it's ok to use them to get ssl cert.

Thanks, but I meant dsp3's instructions.

I got an SSL cert (I think) using letsencrypt-auto certonly, I just don't know what to do with it.

11

Re: Will there be integration with https://letsencrypt.org ?

dsp3 wrote:

I have LetsEncrypt working on Centos 7.2 with Iredmail 0.9.3. It's fairly straightforward installation. If I get time I'll provide instructions of how this was accomplished on my system.

Another voice to a tutorial when you have some time dsp3 wink

12

Re: Will there be integration with https://letsencrypt.org ?

Currently Letsencrypt needs a valid FQDN to work properly, and this domain will be recorded on Letsencrypt's database.
ISP assigned dynamic Domain Name won't work; Letsencrypt will prompt you that it's on the black list.

13

Re: Will there be integration with https://letsencrypt.org ?

kleedrac wrote:
dsp3 wrote:

I have LetsEncrypt working on Centos 7.2 with Iredmail 0.9.3. It's fairly straightforward installation. If I get time I'll provide instructions of how this was accomplished on my system.

Another voice to a tutorial when you have some time dsp3 wink

Ok. I made a quick and dirty guide which can be found here

14

Re: Will there be integration with https://letsencrypt.org ?

dsp3 wrote:

Ok. I made a quick and dirty guide which can be found here

Excellent. Maybe you can omit the updating config files part, and point to our tutorial here:
http://www.iredmail.org/docs/use.a.boug … icate.html

15

Re: Will there be integration with https://letsencrypt.org ?

ZhangHuangbin wrote:
dsp3 wrote:

Ok. I made a quick and dirty guide which can be found here

Excellent. Maybe you can omit the updating config files part, and point to our tutorial here:
http://www.iredmail.org/docs/use.a.boug … icate.html

I updated it to refer back to the reference docs, but left it as an example of how they will look.

16

Re: Will there be integration with https://letsencrypt.org ?

dsp3 wrote:

I updated to refer to back to the reference docs, but left as an example of how they will look.

Thanks. smile

By the way, the cert/chain names in Postfix are wrong:

postconf -e smtpd_tls_cert_file='/etc/letsencrypt/live/mail.domain.com/cert.pem'
postconf -e smtpd_tls_CAfile='/etc/letsencrypt/live/mail.domain.com/chain.pem'

Should the "chain.pem" be "fullchain.pem" (which is mentioned in whole tutorial)?

Your Dovecot settings are improper, it should be:

ssl_cert = </path/to/cert.pem
ssl_key = </path/to/privkey.pem
ssl_ca = </path/to/fullchain.pem

Same to the MySQL/MariaDB settings.

I suggest you check our tutorial as a reference. big_smile

17 (edited by dsp3 2016-02-23 16:38:50)

Re: Will there be integration with https://letsencrypt.org ?

ZhangHuangbin wrote:
dsp3 wrote:

I updated to refer to back to the reference docs, but left as an example of how they will look.

Thanks. smile

By the way, the cert/chain names in Postfix are wrong:

postconf -e smtpd_tls_cert_file='/etc/letsencrypt/live/mail.domain.com/cert.pem'
postconf -e smtpd_tls_CAfile='/etc/letsencrypt/live/mail.domain.com/chain.pem'

Should the "chain.pem" be "fullchain.pem" (which is mentioned in whole tutorial)?

your Dovecot settings are improper, it should be:

ssl_cert = </path/to/cert.pem
ssl_key = </path/to/privkey.pem
ssl_ca = </path/to/fullchain.pem

Same to the MySQL/MariaDB settings.

I suggest you check our tutorial as a reference. big_smile

Hi Zhang. I just checked. All settings I have are correct and working on my install.
No need for ssl_ca in Dovecot as fullchain.pem takes care of that. Same with MariaDB. Postfix needs all three (CA, cert, key).
All services are working correctly, but as I stated in my post, users should refer to the reference documents you provided.
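
Added example (not part of either poster's message or of iRedMail's documentation): the disagreement above turns on whether the file a service serves already contains the intermediate certificates, so this shell sketch counts the PEM certificates in whatever `smtpd_tls_cert_file` or `ssl_cert` points to and checks whether a separate CA file is configured. The fixture files, temporary paths and status labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a service's configured certificate file carries
# the full chain or only the leaf. Status labels are this sketch's own.

# Count PEM certificates in a file (0 if missing or unreadable).
pem_count() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Last value of "KEY = value" in FILE; Dovecot's leading "<" is stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*<\{0,1\}//p" "$1" | tail -n 1
}

# chain_status FILE CERT_KEY CA_KEY
chain_status() {
    cert=$(conf_value "$1" "$2")
    ca=$(conf_value "$1" "$3")
    n=$(pem_count "$cert")
    if [ "$n" -ge 2 ]; then
        echo "full-chain"            # leaf and intermediates in one file
    elif [ "$n" -eq 1 ] && [ "$(pem_count "$ca")" -ge 1 ]; then
        echo "leaf-plus-ca-file"     # leaf alone, chain supplied separately
    elif [ "$n" -eq 1 ]; then
        echo "leaf-only"             # nothing configured to complete the chain
    else
        echo "no-certificate"
    fi
}

# Constructed fixtures: placeholder PEM bodies laid out like a live/ directory.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-leaf' '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-intermediate' '-----END CERTIFICATE-----' > "$1/chain.pem"
    cat "$1/cert.pem" "$1/chain.pem" > "$1/fullchain.pem"
    printf 'smtpd_tls_cert_file = %s\nsmtpd_tls_CAfile = %s\n' "$1/cert.pem" "$1/chain.pem" > "$1/main.cf"
    printf 'ssl_cert = <%s\n' "$1/fullchain.pem" > "$1/dovecot.conf"
}

d=$(mktemp -d)
make_sample "$d"
echo "postfix: $(chain_status "$d/main.cf" smtpd_tls_cert_file smtpd_tls_CAfile)"
echo "dovecot: $(chain_status "$d/dovecot.conf" ssl_cert ssl_ca)"
rm -rf "$d"
```

A `leaf-only` result is the case to investigate, since clients that do not already hold the intermediate may fail to validate the certificate.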

18

Re: Will there be integration with https://letsencrypt.org ?

I have installed iRedMail on an Ubuntu Server fresh install, then I installed lets encrypt to provide SSL and now my admin panel doesn't work. I am using Apache. Any help would be great.

Thanks

19

Re: Will there be integration with https://letsencrypt.org ?

softwaredev16 wrote:

now my admin panel doesn't work.

What do you mean "doesn't work"?

20

Re: Will there be integration with https://letsencrypt.org ?

ZhangHuangbin wrote:
softwaredev16 wrote:

now my admin panel doesn't work.

What do you mean "doesn't work"?

It loads a 404 not found message

21

Re: Will there be integration with https://letsencrypt.org ?

softwaredev16 wrote:

It loads a 404 not found message

*) What Nginx settings did you change?
*) With iRedMail-0.9.4, iredadmin config for Nginx is just a template file: /etc/nginx/templates/iredadmin.tmpl, you just include it in /etc/nginx/conf.d/[server].conf, that's it. Please double check your Nginx config file, make sure you have this template file included.

22

Re: Will there be integration with https://letsencrypt.org ?

ZhangHuangbin wrote:
softwaredev16 wrote:

It loads a 404 not found message

*) What Nginx settings did you change?
*) With iRedMail-0.9.4, iredadmin config for Nginx is just a template file: /etc/nginx/templates/iredadmin.tmpl, you just include it in /etc/nginx/conf.d/[server].conf, that's it. Please double check your Nginx config file, make sure you have this template file included.

Sorry, I have Apache. Do I need to switch to Nginx? If so, how do I?

23

Re: Will there be integration with https://letsencrypt.org ?

With Apache, please check its config file to make sure it has settings like this:

Alias /iredadmin/static "/var/www/iRedAdmin-0.1.7/static/"
WSGIScriptAlias /iredadmin "/var/www/iRedAdmin-0.1.7/iredadmin.py/"

The path to iRedAdmin and version number may be different on your server. If you cannot find it, please create a new forum topic.

24 (edited by Seper 2016-04-16 11:35:42)

Re: Will there be integration with https://letsencrypt.org ?

ZhangHuangbin wrote:

With Apache, please check its config file to make sure it has settings like this:

Alias /iredadmin/static "/var/www/iRedAdmin-0.1.7/static/"
WSGIScriptAlias /iredadmin "/var/www/iRedAdmin-0.1.7/iredadmin.py/"

I had the exact same issues, I'm running iRedMail version 0.9.4 on Ubuntu 14.04. I installed letsencrypt for apache since apache was already running as part of iRedMail. TLS for dovecot and postfix was working by referencing the path to LE however the iRedMail admin panel returned a 404. Roundcube webmail was the only site that would come up.

Apache logs were showing a conflict with SNI,

 [ssl:warn] [pid 4318] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

I copied the Alias settings from /etc/apache2/sites-available/default-ssl.conf

Alias /iredadmin/static "/opt/www/iredadmin/static/"
WSGIScriptAlias /iredadmin "/opt/www/iredadmin/iredadmin.py/"
Alias /mail "/opt/www/roundcubemail/"
Alias /awstats/icon "/usr/share/awstats/icon/"
Alias /awstatsicon "/usr/share/awstats/icon/"
ScriptAlias /awstats "/usr/lib/cgi-bin/"

And copy this in /etc/apache2/sites-available/000-default-le-ssl.conf

I restarted apache

service apache2 restart

The admin portal came back up for me.

mail.mysite.com/awstats/awstats.pl doesn't let me log in with the same username and password set during installation for the other web sites, but that's a problem for another post.
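
Added example (not from the post and not iRedMail's own tooling): a shell check that lists the `Alias`, `ScriptAlias` and `WSGIScriptAlias` directives present in one Apache vhost file but absent from another, which is the gap the post above closed by hand. The two file bodies are constructed from the lines quoted in the post; the `ServerName` line and the single `Alias` in the second file are assumptions.

```shell
#!/bin/sh
# Added example: list Alias-type directives that one Apache vhost file has and
# another lacks. File contents below are constructed for illustration.

# Normalised Alias / ScriptAlias / WSGIScriptAlias lines of a config file.
alias_lines() {
    grep -E '^[[:space:]]*(WSGIScript|Script)?Alias[[:space:]]' "$1" \
        | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# missing_aliases SRC DST: directives present in SRC but absent from DST.
missing_aliases() {
    have=$(alias_lines "$2")
    alias_lines "$1" | while IFS= read -r line; do
        printf '%s\n' "$have" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

# Constructed vhost files named after the two files mentioned in the post.
make_vhosts() {
    cat > "$1/default-ssl.conf" <<'EOF'
<VirtualHost *:443>
    Alias /iredadmin/static "/opt/www/iredadmin/static/"
    WSGIScriptAlias /iredadmin "/opt/www/iredadmin/iredadmin.py/"
    Alias /mail "/opt/www/roundcubemail/"
    Alias /awstats/icon "/usr/share/awstats/icon/"
    Alias /awstatsicon "/usr/share/awstats/icon/"
    ScriptAlias /awstats "/usr/lib/cgi-bin/"
</VirtualHost>
EOF
    cat > "$1/000-default-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName mail.mysite.com
    Alias /mail "/opt/www/roundcubemail/"
</VirtualHost>
EOF
}

d=$(mktemp -d)
make_vhosts "$d"
missing_aliases "$d/default-ssl.conf" "$d/000-default-le-ssl.conf"
rm -rf "$d"
```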