Proxmox Mail Gateway + Letsencrypt

calocen

New Member
Oct 27, 2008
[MODERATOR EDIT]: See https://forum.proxmox.com/threads/how-to-lets-encrypt-and-pmg.41493/ instead!

A tiny recipe to use Let's Encrypt certificates with Proxmox Mail Gateway 5.0

First, update / dist-upgrade your host and create a backup of the /etc folder.

Install the Let's Encrypt certbot
Code:
apt-get install -y certbot

Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos

Jump to the new certificate and replace the self-signed PMG one
Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem

Restart the service
Code:
service pmgproxy restart

Log in in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
 

This howto looks wrong to me, I cannot see that TLS on postfix can work with this.
 
This command does not need to run, correct?
cp privkey.pem /etc/pmg/pmg-authkey.key
 
Hi

Does letsencrypt renew SSL automatically?
 
You have to create a cronjob.

The Debian (stretch) package comes with a cron job and a systemd timer.

The cron job won't execute the renew command when you are running systemd (if /run/systemd/system is detected). It's done via certbot.timer
Edit certbot.service (/lib/systemd/system/certbot.service), i.e. preferred challenges, post-hook script & put your copy/restart commands in a post-hook script.
Make sure certbot.timer is started.
 
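A sketch of the post-hook script the last reply describes, as an added example that is not code from the thread or from Proxmox: it copies the same files as the first post's recipe, refuses empty sources, and restarts pmgproxy only when a file actually changed. The function names and the `deploy` argument are assumptions of this example; if you follow the how-to linked in the moderator edit, change the source lists to match it.

```shell
#!/bin/sh
# Added example: certbot post-hook for the recipe in the first post.
# install_bundle, deploy_pmg_cert and the "deploy" argument are names made up
# for this sketch; the paths and the restart command are the ones on the page.

# install_bundle DEST SRC...  -> 0 DEST rewritten, 1 already current, 2 error
install_bundle() {
    dest=$1; shift
    tmp=$(mktemp) || return 2            # mktemp creates the file with mode 0600
    cat "$@" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"; return 1
    fi
    # Write in place, as `cat >` in the post does: an existing file keeps its
    # owner and mode; a new one is created readable by its owner only.
    if ( umask 077; cat "$tmp" > "$dest" ); then rm -f "$tmp"; return 0; fi
    rm -f "$tmp"; return 2
}

# deploy_pmg_cert LIVE_DIR PMG_DIR  -> 0 something changed, 1 nothing, 2 error
deploy_pmg_cert() {
    live=$1; pmg=$2; changed=no
    # Check every source first so a half-finished renewal installs nothing.
    for f in privkey.pem cert.pem fullchain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 2; }
    done
    # Same layout as the first post: key + cert, then the full chain.
    rc=0; install_bundle "$pmg/pmg-api.pem" "$live/privkey.pem" "$live/cert.pem" || rc=$?
    case $rc in 0) changed=yes ;; 2) return 2 ;; esac
    rc=0; install_bundle "$pmg/pmg-tls.pem" "$live/fullchain.pem" || rc=$?
    case $rc in 0) changed=yes ;; 2) return 2 ;; esac
    [ "$changed" = yes ]
}

# As a hook, call this script with the argument "deploy".
case ${1:-} in
deploy)
    st=0; deploy_pmg_cert "/etc/letsencrypt/live/$(hostname -f)" /etc/pmg || st=$?
    case $st in
        0) service pmgproxy restart ;;   # restart only when a file changed
        1) : ;;                          # nothing new, leave the service alone
        *) exit "$st" ;;                 # surface the error to certbot / systemd
    esac ;;
esac
```

Because the destination is rewritten in place, whatever owner and mode /etc/pmg/pmg-api.pem already has are preserved across renewals.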