1

Topic: Let's Encrypt docs out of date now? Multiple domains

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition.
- Deployed with iRedMail downloadable installer?
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No


I am having to migrate to a new server after a couple of years from .98 so I have forgotten how to put Let's Encrypt Certificates on the server.

The documentation mentions:

https://docs.iredmail.org/letsencrypt.h … -encrypt_1


If you need to support multiple host names, you can specify multiple -w and -d arguments like below:

certbot certonly \
    --webroot \
    --dry-run \
    -w /var/www/html \
    -d mail.mydomain.com \
    -w /var/www/vhosts/2nd-domain.com \
    -d 2nd-domain.com \
    -w /var/www/vhosts/3rd-domain.com \
    -d 3rd-domain.com


The problem is there is no /var/www/vhosts folder


2

Re: Let's Encrypt docs out of date now? Multiple domains

The paths "/var/www/vhosts/2nd-domain.com" and "/var/www/vhosts/3rd-domain.com" are the directories you used to store web files for your web domain names. If they use the same directory, then you can specify the same directory in "-w".

3

Re: Let's Encrypt docs out of date now? Multiple domains

With the first domain, I just ran "certbot certonly --webroot -w /var/www/html -d mail.mydomain.com" and it is working out.

Then based on what you have told me, I ran

certbot certonly  -w /var/www/html -d mail.domain2.com -d mail.domain3.com -d mail.domain4.com -d mail.domain5.com


Then executed service postfix restart; service nginx restart; service dovecot restart

Domains 2-5 are still showing up as not secure when visiting the Roundcube site domain URL.

4

Re: Let's Encrypt docs out of date now? Multiple domains

KNERD wrote:

Then based on what you have told me, I ran
certbot certonly  -w /var/www/html -d mail.domain2.com -d mail.domain3.com -d mail.domain4.com -d mail.domain5.com

Did it succeed?

KNERD wrote:

Domains 2-5 are still showing up as not secure when visiting the Roundcube site domain URL.

Do these web domains use the correct Let's Encrypt cert/key files in the Nginx config files?

5

Re: Let's Encrypt docs out of date now? Multiple domains

ZhangHuangbin wrote:
KNERD wrote:

Then based on what you have told me, I ran
certbot certonly  -w /var/www/html -d mail.domain2.com -d mail.domain3.com -d mail.domain4.com -d mail.domain5.com

Did it succeed?

KNERD wrote:

Domains 2-5 are still showing up as not secure when visiting the Roundcube site domain URL.

Do these web domains use the correct Let's Encrypt cert/key files in the Nginx config files?

It did succeed, but as I mentioned, the certificates are not being used. The Roundcube site for the other domains is not secure, and I am getting a certificate error when trying to connect to the mail server with Outlook on the other domains. Only the original domain is good.

6

Re: Let's Encrypt docs out of date now? Multiple domains

I believe you will need to edit the Nginx configuration file(s) to point to the certificate(s) and key(s). That’s done once, and everything should work fine from there on.

7 (edited by KNERD 2021-03-24 12:29:51)

Re: Let's Encrypt docs out of date now? Multiple domains

Fastidious wrote:

I believe you will need to edit the Nginx configuration file(s) to point to the certificate(s) and key(s). That’s done once, and everything should work fine from there on.

So you are saying the only thing wrong is the Nginx setup, then the email server will follow? I am doubting that.

If I recall correctly, when I set up the server last time in early 2019, I just followed the docs for Let's Encrypt and it just worked. The only thing not in the docs I do recall was the need to have to restart some of the services after the certificate renewal.

8

Re: Let's Encrypt docs out of date now? Multiple domains

This issue was solved after being discussed in the Telegram group chat; the cert was linked to the wrong file.
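
Added example, not part of the thread or of the iRedMail documentation: a way to confirm which hostnames a certificate actually covers, both for the file the services are pointed at and for what a running service presents, which is the check that separates "certbot succeeded" from "the services load that certificate". The function names are hypothetical, the certificate path and ports are supplied by the caller, and OpenSSL 1.1.1 or later is assumed for the `-ext` option.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and print
# every hostname argument that no DNS entry in the certificate covers.
san_missing() {
    sans=$(tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr '[:upper:]' '[:lower:]')
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
        matched=no
        while IFS= read -r san; do
            case "$san" in
                "$host") matched=yes ;;
                '*.'*)
                    # A wildcard stands for exactly one left-most label.
                    if [ "${host#*.}" = "${san#??}" ] && [ "$host" != "${san#??}" ]; then
                        matched=yes
                    fi ;;
            esac
        done <<EOF
$sans
EOF
        [ "$matched" = yes ] || printf '%s\n' "$host"
    done
}

# Check a certificate file on disk (path supplied by the caller).
# Assumes OpenSSL 1.1.1 or later for the -ext option.
cert_file_missing() {
    cert=$1; shift
    openssl x509 -in "$cert" -noout -ext subjectAltName | san_missing "$@"
}

# Check the certificate a running service presents on a TLS port
# (for example 443 for Nginx or 993 for IMAPS), using SNI for the name.
served_missing() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName | san_missing "$1"
}

# Constructed sample of openssl's SAN output for a two-name certificate.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:mail.mydomain.com, DNS:mail.domain2.com'
printf '%s\n' "$SAMPLE_SAN" | san_missing mail.mydomain.com mail.domain3.com
```

Empty output from `cert_file_missing` or `served_missing` means every name passed in is covered; any name printed is one that clients connecting under that name will reject.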