Automate SSL certificate installation and renewal with Letsencrypt

Use this forum if you want to suggest a new feature to hMailServer. Before posting, please search the forum to confirm that it has not already been suggested.
Post Reply

Should hmailserver include letsencrypt SSL certificate installation and renewal out of the box?

Poll ended at 2023-01-26 16:55

Yes
4
100%
No
0
No votes
Not Sure
0
No votes
 
Total votes: 4

utilsites
New user
New user
Posts: 4
Joined: 2023-01-21 16:27

Automate SSL certificate installation and renewal with Letsencrypt

Post by utilsites » 2023-01-21 16:55

I think hmailserver could include the much needed functionality of install a SSL certificate and automate the renewal, by using letsencrypt.
As this can be complicated, as shown in some threads in this forum.

For example, the mailcow mail server has this functionality out-of-the-box.

Note: this was also mentioned here https://www.hmailserver.com/forum/viewt ... pt#p212405, but the thread responses diverted the subject.

User avatar
SorenR
Senior user
Senior user
Posts: 5676
Joined: 2006-08-21 15:38
Location: Denmark

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by SorenR » 2023-01-21 17:15

utilsites wrote:
2023-01-21 16:55
I think hmailserver could include the much needed functionality of install a SSL certificate and automate the renewal, by using letsencrypt.
As this can be complicated, as shown in some threads in this forum.

For example, the mailcow mail server has this functionality out-of-the-box.

Note: this was also mentioned here https://www.hmailserver.com/forum/viewt ... pt#p212405, but the thread responses diverted the subject.
The forum thread you are referring to is about a hMailServer derivative that appears to be abandoned.

If YOU volunteer to do the integration I am all for it.

I am not sure how many here is actually capable (TIME and skill) to do the integration.

Personally, I'd like so see a FINALIZED 5.7 before ANY major new work is planned!
There are still some very rare bugs/annoyances being handled with workaounds like; How to recover from a failed backup !!

There are two ways to solve the request. 1; C++ coding as API or 2; Include into Web Administration as PHP only code.

I've done my part... Now. Go do stuff!

Yeah, I used to work as a Solutions Architect :mrgreen:
SørenR.

Eight bytes walk into a bar. The bartender asks, “Can I get you anything?”
“Yeah,” reply the bytes. “Make us a double.”

User avatar
RvdH
Senior user
Senior user
Posts: 2483
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by RvdH » 2023-01-22 12:19

SorenR wrote:
2023-01-21 17:15
How to recover from a failed backup !!
Simply delete everything created in previous failed backup? Either by script (OnBackupError) of withing hmailserver backup itself
It really doesn't look that hard... but i guess it is easier if it done for you!? :wink: (and no i'm not going to do it, as i never have failed backups :mrgreen: )
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 5676
Joined: 2006-08-21 15:38
Location: Denmark

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by SorenR » 2023-01-22 15:00

RvdH wrote:
2023-01-22 12:19
SorenR wrote:
2023-01-21 17:15
How to recover from a failed backup !!
Simply delete everything created in previous failed backup? Either by script (OnBackupError) of withing hmailserver backup itself
It really doesn't look that hard... but i guess it is easier if it done for you!? :wink: (and no i'm not going to do it, as i never have failed backups :mrgreen: )
I've had one failed backup in recent times - why? It turns out I booted the server mid backup :roll:

Anyways, I have been looking into maybe renaming "DataBackup" to "DataBackup.fail.<number>" to allow new backup to continue, just need to verify no running backup is active.
SørenR.

Eight bytes walk into a bar. The bartender asks, “Can I get you anything?”
“Yeah,” reply the bytes. “Make us a double.”

User avatar
Dravion
Senior user
Senior user
Posts: 1906
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by Dravion » 2023-01-22 21:37

Mailcow is NOT a own product. Its a Repackaged Postfix+Dovevot Server Bundle with a few additions.
There are plenty of Howtows and scripts to get and renew Letsencrypt SSL-Certificates for Postfix and Dovevot.

PS:Postfix and Dovecot doesn't run on Windows in any shape or form. It requires a POSIX compliant build
infrastructure. Maybe it runs on WSIL or Cygwin/MSYS2 but not as standalone product.

mats
Normal user
Normal user
Posts: 37
Joined: 2018-05-06 20:58

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by mats » 2023-01-22 23:29

I agree with SorenR. There are more important things to be fixed.
Back in 2017 it was a little tricky to handle certs - Today it's easy

You can for example use the certify the web client/agent. It will manage a letsencrypt cert and it can be made to output it in pem format (that Hmailserver can use). It can also restart Hmailserver on cert renewal making it a fully automated solution.

I haven't tried to do it with certbot (yet)

utilsites
New user
New user
Posts: 4
Joined: 2023-01-21 16:27

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by utilsites » 2023-01-23 12:36

Thanks for the feedback.

Unfortunately I don't think I have the knowledge to implement it, neither the time, it would take me too long to learn and implement.

The mailcow citation was just to give an example of a mail server that has the out of the box feature requested (letsencrypt certificates handling). It runs on linux or docker I think.

I saw a solution with "Certify the web" software on github bseddon/letsencrypt-hmailserver, but it needs some tricks, and the software is not free or has some limits.

If @mats can post here a straightforward solution, it would be good.

User avatar
RvdH
Senior user
Senior user
Posts: 2483
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by RvdH » 2023-01-24 09:57

utilsites wrote:
2023-01-23 12:36
Unfortunately I don't think I have the knowledge to implement it, neither the time, it would take me too long to learn and implement.
Guess you are in the wrong place then, managing a mailserver (+certificates) costs time
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

utilsites
New user
New user
Posts: 4
Joined: 2023-01-21 16:27

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by utilsites » 2023-01-25 21:12

RvdH wrote:
2023-01-24 09:57
utilsites wrote:
2023-01-23 12:36
Unfortunately I don't think I have the knowledge to implement it, neither the time, it would take me too long to learn and implement.
Guess you are in the wrong place then, managing a mailserver (+certificates) costs time
Yeah, maybe I should not try this, and just use a paid email service provider.
I think the time used for the certificates can be reduced a lot with automation, like said above, but someone still needs to implement the automation.

User avatar
mattg
Moderator
Moderator
Posts: 22159
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by mattg » 2023-01-26 02:07

On my Linux webserver I have a domain "mail.example.com" with a lets encrypt certificate through certbot

I simply share the folder that certbot creates, and my Windows machine uses the shared certifcates from my Linux server.

Once setup. it just works and is automatic

I don't know how easy this needs to be, what I do is pretty easy
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

utilsites
New user
New user
Posts: 4
Joined: 2023-01-21 16:27

Re: Automate SSL certificate installation and renewal with Letsencrypt

Post by utilsites » 2023-01-29 12:15

mattg wrote:
2023-01-26 02:07
On my Linux webserver I have a domain "mail.example.com" with a lets encrypt certificate through certbot

I simply share the folder that certbot creates, and my Windows machine uses the shared certifcates from my Linux server.

Once setup. it just works and is automatic

I don't know how easy this needs to be, what I do is pretty easy
I didn't try certbot, maybe it fits well like you said, even for windows instead of linux.
I just tried win acme and it was not straightforward, but maybe in the most recent version is.

Post Reply