1 Topic by HankM

  • HankM
  • Member
  • Offline
  • Registered: 2022-09-07
  • Posts: 4

Topic: Unable to install Let's Encrypt Certificate

iRedMail version 1.6.1
Downloadable installer
Alma 8.6
MySQL
Nginx

Im not a Linux 'guru' very much nuub
Installed iRedmail according to this
linuxbabe/mail-server/rocky-linux-8-alma-linux-8-iredmail-email-server

Followed each step. There were no problems until I came to installing the Letsencrypt certificate.

Let's Debug, shows everything is fine, but I get a verification error.

Letsencrypt support say that its returning an apache server and lo and behold an apache server is on the machine (but I didn't put it there).

I know apache quite well but I've NEVER worked with Nginx and was disappointed to see it's no longer supported by iRedMail

Can anyone offer any help. Lets encrypt blame the installation. Why is apache there and why is apache being used to verify the certificate.

I thought the install was so easy. Seems it isn't

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Unable to install Let's Encrypt Certificate

Please follow our tutorial instead:
https://docs.iredmail.org/letsencrypt.html

3 Reply by HankM

  • HankM
  • Member
  • Offline
  • Registered: 2022-09-07
  • Posts: 4

Re: Unable to install Let's Encrypt Certificate

ZhangHuangbin wrote:

Please follow our tutorial instead:
docs.iredmail.org/letsencrypt.html

I reinstalled the server and followed your guide.

I found the problem, but there isn't a lot I can do about it.
I have a registered domain myDomain.com at a hosting site in Canada. I've had it since the mid 1990s. I was getting so much spam. I decided to setup my own mail server.
I used to work for Novell EMEA support (3rd line) before I retired and Novell ceased to exist.

I asked the hosting provider to create a sub-domain office.myDomain.com and redirected the MX record to point to that.

It was fine until recently, but GroupWise 7 is a little long in the tooth, so I decided to create a different mail server and move (hundreds of important emails from the current GW 7 server to the new one.

iRedmail seemed to be the way to go. (Linux is a far cry from eDirectory/NDS, GroupWise and ZenWorks).

The problem is that the Hosting company for myDomain.com, refuse to implement Let's Encrypt. They have a 'do-it-yourself' so you have to remember to create and upload a new certificate every 90 days and at 81 years old there is NO WAY I'll pay for a certificate.

I don't suppose there's a way around this.

Roundcube is working fine. I sent mails to my protonmail account and to Gmail (I have SPF and DMARC entries for the office.myDomain account.

Whilst Roundcube seems to work OK (and on the browser, it has the padlock because the sub-domain has an SSL from Let's Encrypt, I can't get it to work with Outlook or Thunderbird. I guess not having an SSL might have something to do with it.

Can you give me the info I neded to configure a client (either thunderbird or Outlook, I don't care. If I can get that to work, I'll add another MX record and set the priority to 10 until I can transfer everything from GW7 to iRedmail.

Your help to setup a client would be much appreciated.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Unable to install Let's Encrypt Certificate

Did you check our tutorial here?
https://docs.iredmail.org/#mua

5 Reply by HankM

  • HankM
  • Member
  • Offline
  • Registered: 2022-09-07
  • Posts: 4

Re: Unable to install Let's Encrypt Certificate

ZhangHuangbin wrote:

Did you check our tutorial here?
docs.iredmail.org/#mua

Yes, but it just keeps complaining because the sub-domain account doesn't have a Certificate.

Is there ANY way I can get a (self-renewable) letsencrypt certificate for the SUB-domain (office.myDomain.com), WITHOUT involving the myDomain.com.

If not, I guess I'm just stuck with my old GW client!

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Unable to install Let's Encrypt Certificate

You can request cert for sub-domain from LetsEncrypt.

7 Reply by HankM

  • HankM
  • Member
  • Offline
  • Registered: 2022-09-07
  • Posts: 4

Re: Unable to install Let's Encrypt Certificate

ZhangHuangbin wrote:

You can request cert for sub-domain from LetsEncrypt.

Great. How?

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Unable to install Let's Encrypt Certificate

Nothing different than using a primary domain name.