Proxmox Mail Gateway + Letsencrypt

calocen

New Member
Oct 27, 2008
[MODERATOR EDIT]: See https://forum.proxmox.com/threads/how-to-lets-encrypt-and-pmg.41493/ instead!

A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Beforehand, update / dist-upgrade your host and create a backup of the /etc folder.

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to the new certificate and replace the self-signed PMG certificate

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
Log in in a new tab; don't reload.

[EDIT]
This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
 
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Beforehand, update / dist-upgrade your host and create a backup of the /etc folder.

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to the new certificate and replace the self-signed PMG certificate

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
Log in in a new tab; don't reload.

This howto looks wrong to me, I cannot see that TLS on postfix can work with this.
 
A tiny recipe to use letsencrypt certificates with Proxmox Mail Gateway 5.0
Beforehand, update / dist-upgrade your host and create a backup of the /etc folder.

Install letsencrypt certbot
Code:
apt-get install -y certbot
Install a new certificate
Code:
certbot --authenticator standalone certonly -d $(hostname -f) --agree-tos
Jump to the new certificate and replace the self-signed PMG certificate

Code:
pushd /etc/letsencrypt/live/$(hostname -f)
cat privkey.pem cert.pem > /etc/pmg/pmg-api.pem
# [EDIT] This line was a typo: cp privkey.pem /etc/pmg/pmg-authkey.key
cp fullchain.pem /etc/pmg/pmg-tls.pem
Restart service
Code:
service pmgproxy restart
Log in in a new tab; don't reload.

This command does not need to be run, correct?
cp privkey.pem /etc/pmg/pmg-authkey.key
 

Hi

Does letsencrypt renew SSL automatically?
 
You have to create a cronjob.

The Debian (stretch) package comes with a cron job and a systemd timer.

The cron job won't execute the renew command when you are running systemd (if /run/systemd/system is detected). It's done via certbot.timer
Edit certbot.service (/lib/systemd/system/certbot.service), i.e. preferred challenges, post-hook script & put your copy/restart commands in a post-hook script.
Make sure certbot.timer is started.
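
One way to write the post-hook script described in the reply above, as an added example that is not from any poster in this thread. It repeats the copy steps exactly as the recipe gives them (so the Postfix TLS objection raised earlier in the thread applies to it unchanged), keeps the owner and mode of the existing files, and restarts pmgproxy only when a file actually changed. `RESTART_CMD`, the `--deploy` switch and both function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: certbot post-hook that redoes the recipe's
# copy steps and restarts pmgproxy only when a deployed file really changed.
# RESTART_CMD and the "--deploy" switch are assumptions of this sketch.
RESTART_CMD="${RESTART_CMD:-service pmgproxy restart}"

# replace_if_changed NEW DEST: swap DEST for NEW, keeping DEST's owner and mode.
# Exit status: 0 replaced, 1 already identical, 2 error.
replace_if_changed() (
    new=$1 dest=$2
    [ -s "$new" ] || exit 2                     # never install an empty file
    if [ -f "$dest" ] && cmp -s "$new" "$dest"; then exit 1; fi
    tmp=$(mktemp "$dest.XXXXXX") || exit 2      # same directory, so mv is a rename
    if [ -f "$dest" ]; then cp -p "$dest" "$tmp" || exit 2; fi
    cat "$new" > "$tmp" && mv -f "$tmp" "$dest" && exit 0
    rm -f "$tmp"; exit 2
)

# deploy_pmg_certs LIVE_DIR PMG_DIR: returns 0 if deployed or unchanged, 1 on error.
deploy_pmg_certs() (
    live=$1 pmg=$2 changed=0
    umask 077                                   # new files hold the private key
    for f in privkey.pem cert.pem fullchain.pem; do
        [ -s "$live/$f" ] || { echo "missing $live/$f" >&2; exit 1; }
    done
    api=$(mktemp) || exit 1
    trap 'rm -f "$api"' EXIT
    cat "$live/privkey.pem" "$live/cert.pem" > "$api" || exit 1
    # Status 0 marks a change, 1 means nothing to do, anything else aborts.
    replace_if_changed "$api" "$pmg/pmg-api.pem" && changed=1 || [ $? -eq 1 ] || exit 1
    replace_if_changed "$live/fullchain.pem" "$pmg/pmg-tls.pem" && changed=1 || [ $? -eq 1 ] || exit 1
    if [ "$changed" -eq 1 ]; then $RESTART_CMD || exit 1; fi
    exit 0
)

if [ "${1:-}" = "--deploy" ]; then
    deploy_pmg_certs "/etc/letsencrypt/live/$(hostname -f)" /etc/pmg
fi
```

Save it under a path of your choice and pass it, with the `--deploy` argument, as the `--post-hook` of the `certbot renew` command that certbot.service runs.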
 