How to use Letsencrypt SSL certificate to secure imap/pop server?
Question asked by Juan Lai - 8/27/2020 at 12:08 AM
Hello All,

  I already read this KB and found it seems not work if I am using Letsencrypt SSL. The password authentication always failed. 

  And is there any way to auto-renew every 3 months with IIS certificate renewed? 

  Thank you very much.

Juan Lai

2 Replies

Reply to Thread
Neil Harvey Replied

I do it the following way.

I use win-acme (used to be letsencrypt winsimple) which sets a scheduled task to check the certs daily and updated when needed.

Make sure that the certs are saved in the my cache.

Create the following powershell script

# Start Export
Get-ChildItem -Path 'Cert:\localmachine\my' |
Where-Object { $_.hasPrivateKey } | Where-Object {$_.Subject -imatch ""} |
Foreach-Object {&certutil.exe @('-exportpfx', '-f', '-p', 'yourpassword',$_.Thumbprint,"c:\smartermail\certs\")}
# End Export

This searches for the correct CN and then exports to a folder of your choice

I then call the following batch file from a scheduled task

# Start of Scheduled Job Batch file
powershell.exe -executionpolicy remotesigned -File "c:\Smartermail\Scripts\ExportCert - mymail.ps1"
# End of Scheduled Job Batch file

Then just assign the pfx file you have saved under the Port binding of SM using the password you set on the export.
Karl Jones Replied
This is the easiest way i have found so far, it even deploys and exports the certificates and auto renews

Reply to Thread