Proxmox Mail Gateway + Letsencrypt

calocen

New Member
Oct 27, 2008
8
0
1
[MODERATOR EDIT]: See https://forum.proxmox.com/threads/how-to-lets-encrypt-and-pmg.41493/ instead!

A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
 
Last edited:
tom

tom

Proxmox Staff Member
Staff member
Aug 29, 2006
14,276
534
133
calocen said:
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.
Click to expand...
This howto looks wrong to me, I cannot see that TLS on postfix can work with this.
 

calocen

New Member
Oct 27, 2008
8
0
1
I'm very sorry. I've made a mistake including the line about pmg-authkey.key.
 

Juliano Silva

Member
Oct 15, 2017
182
2
23
35
calocen said:
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
# [EDIT] This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.
Click to expand...
This command does not need to run correct?
cp privkey.pem /etc/pmg/pmg-authkey.key
 
tom

tom

Proxmox Staff Member
Staff member
Aug 29, 2006
14,276
534
133

Juliano Silva

Member
Oct 15, 2017
182
2
23
35
calocen said:
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Previously update / dist-upgrade your host and create a backup of /etc folder

Install letsencrypt certbot
Code: 
apt-get install -y certbot
Install a new certificate
Code: 
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to new certificate and replace selfsigned pmg

Code: 
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code: 
service pmgproxy restart
login in a new tab, don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
Click to expand...
Hi

letsencrypt renews ssl automatic ?
 

ChFin

Member
Proxmox Subscriber
Jan 30, 2018
50
15
8
Jerico815 said:
You have to create a cronjob.
Click to expand...
The debian (stretch) package comes with a cron job and a systemd timer.

The cron job won't execute the renew command when you are running systemd (if /run/systemd/system is detected). It's done via certbot.timer
Edit certbot.service (/lib/systemd/system/certbot.service), i.e. preferred challenges, post-hook script & put your copy/restart commands in a post-hook script.
Make sure certbot.timer is started.
 
Last edited:
tom

tom

Proxmox Staff Member
Staff member
Aug 29, 2006
14,276
534
133
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!
Forum software by XenForo® © 2010-2020 XenForo Ltd.
Top Bottom