I guess you should choose pem first (for hmailserver) then iis certificate store.
Enter 2 for PEM. This will work without fuss with hMailServer.
When we have the certificate, you can store in one or more ways to make it accessible to your applications. The Windows Certificate Store is the default location for IIS (unless you are managing a cluster of them).
 1: IIS Central Certificate Store (.pfx per domain)
 2: PEM encoded files (Apache, nginx, etc.)
 3: Windows Certificate Store
 C: Abort
How would you like to store the certificate?:
Choose a path and enter it.
Path to folder where .pem files are stored:
Enter 3 for no additional, unless you want one of the other options.
 1: IIS Central Certificate Store (.pfx per domain)
 2: Windows Certificate Store
 3: No additional storage steps required
 C: Abort
Would you like to store it in another way too?:
Step by step LetsEncrypt WinSimple
Re: Step by step LetsEncrypt WinSimple
From my other tutorial: https://hmailserver.com/forum/viewtopic ... 21&t=34386
Re: Step by step LetsEncrypt WinSimple
Thanks, I've been poring over your guide, very helpful. I guess I will need to pick PEM and then IIS store as the second option. The part where I'm stuck is, do I need to revoke/cancel the existing renewal task or can I change the settings of the existing task (if so from where?) or should I select the option to Create manual renewal (full options) and just leave the existing renewal alone (i.e. it will be overwritten).
Re: Step by step LetsEncrypt WinSimple
As far as I know, v1 and v2 are not compatible. So after you upgrade, the old scheduled task will no longer work. Choose the option of creating a new one. I think you'll have to manually delete the old one from task scheduler.
Re: Step by step LetsEncrypt WinSimple
Thank you very much, so I finally got this done with some hesitation but I have to say v2.1.7 of Win Acme is so much more powerful and friendly than v1.9, it was actually a breeze to set it up. For the benefit of folks who want to use IIS/FTP and hMailServer together, here are a few tips and the steps I used:
NOTES:
- Creating a new renewal certificate does not overwrite existing renewal/binding tasks
- PEM can also be used for hMailServer and the PEM store is just basically a folder which contains the Chain, Key and Crt PEM files to be used by third party programs. The default store used by IIS/FTP is the Windows Certificate Store.
- It's safe to add multiple stores without impacting any existing IIS/FTP bindings. The order that I used and appears to be working is Windows Certificate Store (for IIS/FTP) and secondary PEM store. The flow is beautiful and super easy, the prompts are fantastic and it prompts you to add a secondary store after you select the first store and the default settings with the colors just do a brilliant job for making a very complex operation very simple.
- After extracting, I started wacs.exe, I selected the domain I wanted to use with IIS and hMailServer and deleted that one single domain under the "O: More options..." menu.
- Then from the main menu I selected the "M: Manual renewal (full option)", selected that same domain, picked IIS, picked the Central Windows Stores as the first store (default), then selected the PEM store as the secondary option, entered the folder I wanted them (make sure the folder exists) and followed the default prompts after that to complete the renewal.
- Win Acme downloaded the certificates, bound them to IIS and also exported a copy of them to the PEM folder.
- Now simply point the PEM certificates to hMailServer in the configuration.
Re: Step by step LetsEncrypt WinSimple
@mattg
Could you please explain how you do this? I too wish to do the same to automate the renewal of certificates. I have a different server running my web server on Ubuntu / Apache2.
"I get the pem files with my apache server running on Ubuntu, and access these from hMailserver directly via network shares using UNC paths in the ADMIN GUI and it works fine"
My hMailServer has two domains added, but only one domain has a web server.
Thank you
RDA
Re: Step by step LetsEncrypt WinSimple
My webmail url is 'mail.example.com'
(roundcube hosted on my Ubuntu | Nginx box)
and this url is ALSO my local host name on my hMailServer
I let certbot renew certificates for my webserver, and have shared the live certificate folder (/etc/letsencrypt/live) via Samba|SMB
I access this SMB share from windows with a UNC path
certificate file (in hmailAdmin) = \\10.10.10.100\mail.example.com\fullchain.pem
private key file (in hmailAdmin) = \\10.10.10.100\mail.example.com\privkey.pem
I just need to restart my hmailserver at least every 30 days - but windows updates take care of that
(as an aside, if you are SSL securing your websites, change to nginx from apache - less than half the memory usage, and so much faster normally)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
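The post above relies on periodic restarts for hMailServer to pick up the renewed files from the share. As an added example (not code from the thread or from hMailServer), this PowerShell script for a daily scheduled task restarts the service only when the leaf certificate on the share has changed, and warns when expiry is close. The service name `hMailServer`, the state file location and the 14-day threshold are assumptions; the UNC paths are the ones quoted in the post.

```powershell
# Added example: restart hMailServer only when the shared certificate has changed.
param(
    [string]$CertPath  = '\\10.10.10.100\mail.example.com\fullchain.pem',
    [string]$KeyPath   = '\\10.10.10.100\mail.example.com\privkey.pem',
    [string]$StateFile = 'C:\ProgramData\hmail-cert.thumbprint',  # hypothetical location
    [string]$Service   = 'hMailServer',                           # assumed service name
    [int]$WarnDays     = 14                                       # assumed threshold
)
$ErrorActionPreference = 'Stop'

# Both files must be reachable before any restart; if the share is down,
# restarting would bring the service up without a usable certificate or key.
foreach ($p in $CertPath, $KeyPath) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Cannot read $p" }
}

# X509Certificate2 loads the first certificate in the file; certbot writes
# the leaf certificate first in fullchain.pem, followed by the intermediates.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt $WarnDays) {
    Write-Warning "Certificate $($cert.Subject) expires in $daysLeft days; check renewal on the web server."
}

# Compare against the thumbprint recorded on the previous run.
# On the first run there is no state file, so the service is restarted once.
$previous = ''
if (Test-Path -LiteralPath $StateFile) {
    $previous = (Get-Content -LiteralPath $StateFile -Raw).Trim()
}

if ($cert.Thumbprint -ne $previous) {
    Restart-Service -Name $Service
    Set-Content -LiteralPath $StateFile -Value $cert.Thumbprint
    Write-Output "New certificate $($cert.Thumbprint), valid to $($cert.NotAfter); restarted $Service."
} else {
    Write-Output "Certificate unchanged ($daysLeft days left); no restart needed."
}
```

The task account needs read access to the share and the right to restart the service; the share itself exposes privkey.pem, so its read permission is best limited to that one account.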
Re: Step by step LetsEncrypt WinSimple
@mattg Thank you.