Automate SSL certificate installation and renewal with Letsencrypt

[utilsites]

I think hmailserver could include the much needed functionality of install a SSL certificate and automate the renewal, by using letsencrypt.
As this can be complicated, as shown in some threads in this forum.

For example, the mailcow mail server has this functionality out-of-the-box.

Note: this was also mentioned here https://www.hmailserver.com/forum/viewt ... pt#p212405, but the thread responses diverted the subject.

[SorenR]

I think hmailserver could include the much needed functionality of install a SSL certificate and automate the renewal, by using letsencrypt.
As this can be complicated, as shown in some threads in this forum.

For example, the mailcow mail server has this functionality out-of-the-box.

Note: this was also mentioned here https://www.hmailserver.com/forum/viewt ... pt#p212405, but the thread responses diverted the subject.

The forum thread you are referring to is about a hMailServer derivative that appears to be abandoned.

If YOU volunteer to do the integration I am all for it.

I am not sure how many here is actually capable (TIME and skill) to do the integration.

Personally, I'd like so see a FINALIZED 5.7 before ANY major new work is planned!
There are still some very rare bugs/annoyances being handled with workaounds like; How to recover from a failed backup !!

There are two ways to solve the request. 1; C++ coding as API or 2; Include into Web Administration as PHP only code.

I've done my part... Now. Go do stuff!

Yeah, I used to work as a Solutions Architect

[RvdH]

How to recover from a failed backup !!

Simply delete everything created in previous failed backup? Either by script (OnBackupError) of withing hmailserver backup itself
It really doesn't look that hard... but i guess it is easier if it done for you!? (and no i'm not going to do it, as i never have failed backups )

[SorenR]

How to recover from a failed backup !!

Simply delete everything created in previous failed backup? Either by script (OnBackupError) of withing hmailserver backup itself
It really doesn't look that hard... but i guess it is easier if it done for you!? (and no i'm not going to do it, as i never have failed backups )

I've had one failed backup in recent times - why? It turns out I booted the server mid backup

Anyways, I have been looking into maybe renaming "DataBackup" to "DataBackup.fail.<number>" to allow new backup to continue, just need to verify no running backup is active.

[Dravion]

Mailcow is NOT a own product. Its a Repackaged Postfix+Dovevot Server Bundle with a few additions.
There are plenty of Howtows and scripts to get and renew Letsencrypt SSL-Certificates for Postfix and Dovevot.

PS:Postfix and Dovecot doesn't run on Windows in any shape or form. It requires a POSIX compliant build
infrastructure. Maybe it runs on WSIL or Cygwin/MSYS2 but not as standalone product.

[mats]

I agree with SorenR. There are more important things to be fixed.
Back in 2017 it was a little tricky to handle certs - Today it's easy

You can for example use the certify the web client/agent. It will manage a letsencrypt cert and it can be made to output it in pem format (that Hmailserver can use). It can also restart Hmailserver on cert renewal making it a fully automated solution.

I haven't tried to do it with certbot (yet)

[utilsites]

Thanks for the feedback.

Unfortunately I don't think I have the knowledge to implement it, neither the time, it would take me too long to learn and implement.

The mailcow citation was just to give an example of a mail server that has the out of the box feature requested (letsencrypt certificates handling). It runs on linux or docker I think.

I saw a solution with "Certify the web" software on github bseddon/letsencrypt-hmailserver, but it needs some tricks, and the software is not free or has some limits.

If @mats can post here a straightforward solution, it would be good.

[RvdH]

Unfortunately I don't think I have the knowledge to implement it, neither the time, it would take me too long to learn and implement.

Guess you are in the wrong place then, managing a mailserver (+certificates) costs time

[utilsites]

Unfortunately I don't think I have the knowledge to implement it, neither the time, it would take me too long to learn and implement.

Guess you are in the wrong place then, managing a mailserver (+certificates) costs time

Yeah, maybe I should not try this, and just use a paid email service provider.
I think the time used for the certificates can be reduced a lot with automation, like said above, but someone still needs to implement the automation.

[mattg]

On my Linux webserver I have a domain "mail.example.com" with a lets encrypt certificate through certbot

I simply share the folder that certbot creates, and my Windows machine uses the shared certifcates from my Linux server.

Once setup. it just works and is automatic

I don't know how easy this needs to be, what I do is pretty easy

[utilsites]

On my Linux webserver I have a domain "mail.example.com" with a lets encrypt certificate through certbot

I simply share the folder that certbot creates, and my Windows machine uses the shared certifcates from my Linux server.

Once setup. it just works and is automatic

I don't know how easy this needs to be, what I do is pretty easy

I didn't try certbot, maybe it fits well like you said, even for windows instead of linux.
I just tried win acme and it was not straightforward, but maybe in the most recent version is.