Proxmox Mail Gateway + Letsencrypt

C

calocen

New Member
Oct 27, 2008
8
0
1
[MODERATOR EDIT]: See https://forum.proxmox.com/threads/how-to-lets-encrypt-and-pmg.41493/ instead!

A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
 
Last edited:
calocen said:
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.
Click to expand...

This howto looks wrong to me, I cannot see that TLS on postfix can work with this.
 
calocen said:
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
# [EDIT] This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.
Click to expand...

This command does not need to run correct?
cp privkey.pem /etc/pmg/pmg-authkey.key
 
calocen said:
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
Click to expand...

Hi

letsencrypt renews ssl automatic ?
 
Jerico815 said:
You have to create a cronjob.
Click to expand...

The debian (stretch) package comes with a cron job and a systemd timer.

The cron job won't execute the renew command when you are running systemd (if /run/systemd/system is detected). It's done via certbot.timer
Edit certbot.service (/lib/systemd/system/certbot.service), i.e. preferred challenges, post-hook script & put your copy/restart commands in a post-hook script.
Make sure certbot.timer is started.
 
Last edited:
You must log in or register to reply here.
Top Bottom