Proxmox Mail Gateway + Letsencrypt

calocen

New Member
Oct 27, 2008
8
0
1
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
login in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
 
Last edited:

tom

Proxmox Staff Member
Staff member
Aug 29, 2006
13,673
426
83
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
login in a new tab, don't reload.
This howto looks wrong to me, I cannot see that TLS on postfix can work with this.
 

calocen

New Member
Oct 27, 2008
8
0
1
I'm very sorry. I've made a mistake including the line about pmg-authkey.key.
 

Juliano Silva

Member
Oct 15, 2017
164
0
16
35
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
# [EDIT] This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
login in a new tab, don't reload.
This command does not need to run correct?
cp privkey.pem /etc/pmg/pmg-authkey.key
 

Juliano Silva

Member
Oct 15, 2017
164
0
16
35
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
login in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
Hi

letsencrypt renews ssl automatic ?
 
Jan 30, 2018
50
14
8
You have to create a cronjob.
The debian (stretch) package comes with a cron job and a systemd timer.

The cron job won't execute the renew command when you are running systemd (if /run/systemd/system is detected). It's done via certbot.timer
Edit certbot.service (/lib/systemd/system/certbot.service), i.e. preferred challenges, post-hook script & put your copy/restart commands in a post-hook script.
Make sure certbot.timer is started.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!