How to use Letsencrypt SSL certificate to secure imap/pop server?
Question asked by Juan Lai - 8/27/2020 at 12:08 AM
Unanswered
Hello All,

  I already read this KB https://portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx and found it seems not work if I am using Letsencrypt SSL. The password authentication always failed. 

  And is there any way to auto-renew every 3 months with IIS certificate renewed? 

  Thank you very much.

rds
Juan Lai

2 Replies

Reply to Thread
2
Neil Harvey Replied
Hi,

I do it the following way.

I use win-acme (used to be letsencrypt winsimple) which sets a scheduled task to check the certs daily and updated when needed.


Make sure that the certs are saved in the my cache.

Create the following powershell script

# Start Export
Get-ChildItem -Path 'Cert:\localmachine\my' |
Where-Object { $_.hasPrivateKey } | Where-Object {$_.Subject -imatch "CN=mail.mymail.com"} |
Foreach-Object {&certutil.exe @('-exportpfx', '-f', '-p', 'yourpassword',$_.Thumbprint,"c:\smartermail\certs\mail.mymail.com.pfx")}
# End Export

This searches for the correct CN and then exports to a folder of your choice


I then call the following batch file from a scheduled task

# Start of Scheduled Job Batch file
powershell.exe -executionpolicy remotesigned -File "c:\Smartermail\Scripts\ExportCert - mymail.ps1"
# End of Scheduled Job Batch file

Then just assign the pfx file you have saved under the Port binding of SM using the password you set on the export.
0
Karl Jones Replied
This is the easiest way i have found so far, it even deploys and exports the certificates and auto renews
https://certifytheweb.com/

Reply to Thread