2
Using Let's Encrypt Certificates for TLS
Question asked by Rafael Grecco - 10/7/2020 at 7:33 AM
Answered
Hi,

I just configured a new server (homologation environment) with all security protocols enabled - HTTPS, DKIM, DMARC and TLS.

I would like your input if DMARC is worth using or not. I've read that there are a lot of problems with it. Do you guys use it?

I also would like to know if any of you have experience using Let's Encrypt for TLS. I use Let's Encrypt with "Certify The Web" software to automate the renewing process. It works wonderfully for IIS.

So I used the same certificate to enable TLS. I followed these steps: Open MMC -> Export certificate issued by Let's Encrypt to some folder -> Configured SmarterMail's bindings to use that certificate.

Everything is working flawlessly, but my question is if I have to repeat this manual process every time the certificate is renewed.

If so, is there a way to automate this process?

Thank you!

7 Replies

0
Robert Simpson Replied
I created a Scheduled Task that runs once a day, which exports the TLS cert to a PFX file that SM points to for TLS/SSL encryption.
That way the Certify the Web app is renewing every 30 days or so, and this scheduled task automates the export to file.

0
Heimir Eidskrem Replied
Would you mind posting your script for the export??

1
Robert Simpson Replied
Marked As Answer
The Task Scheduler executes a .bat file that looks like this:
Powershell.exe -executionpolicy remotesigned -File C:\Smartermail\ExportCert.ps1
The Powershell script looks like this:
# MAKE SURE to modify the 3 areas that require it: mail domain, password and path to the PFX on your server

# Take the newest certificate in the machine store whose subject matches the mail host name
# and export it with its private key to a password-protected PFX, overwriting the old file (-f).
(Get-ChildItem -Path cert:\LocalMachine\My |
Where-Object {$_.Subject -match "mail.mydomain.com"} |
Sort-Object -Property NotAfter -Descending |
Select-Object -first 1) | Foreach-Object {&certutil.exe @('-exportpfx', '-f', '-p','mypassword',$_.Thumbprint, "C:\SmarterMail\mail.mydomain.com.pfx")}
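
A variant of the export script above, as an added example that is not part of the original thread: it keeps the PFX password out of the command line and the script, matches the host name exactly, and re-exports only when the certificate has changed. The secret file, the thumbprint marker file and the assumption that the mail service runs as SYSTEM are placeholders for illustration.

```powershell
# Added example, not from the thread. Host name and paths are placeholders.
param(
    [string]$HostName   = 'mail.mydomain.com',
    [string]$PfxPath    = 'C:\SmarterMail\mail.mydomain.com.pfx',
    # Created once, by the account that runs the scheduled task, with:
    #   Read-Host -AsSecureString | ConvertFrom-SecureString | Set-Content C:\SmarterMail\pfx-password.dpapi
    [string]$SecretPath = 'C:\SmarterMail\pfx-password.dpapi'
)
$ErrorActionPreference = 'Stop'
$markerPath = "$PfxPath.thumbprint"   # hypothetical marker: thumbprint of the last export

# DPAPI-protected password: it never appears in a process command line or in this file.
$password = Get-Content -Path $SecretPath | ConvertTo-SecureString

# Newest currently valid certificate that has a private key and lists the host
# name exactly (the thread's -match is a regex, where "." matches any character).
$now  = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $HostName)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) { throw "No valid certificate with a private key found for $HostName" }

# Skip the export when the PFX on disk was already produced from this certificate.
if ((Test-Path -Path $PfxPath) -and (Test-Path -Path $markerPath) -and
    ((Get-Content -Path $markerPath -TotalCount 1) -eq $cert.Thumbprint)) {
    Write-Output "PFX already current ($($cert.Thumbprint)), nothing to do."
    return
}

Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password -Force | Out-Null
Set-Content -Path $markerPath -Value $cert.Thumbprint

# The PFX holds the private key: drop inherited ACLs and allow only SYSTEM and
# Administrators (assumption: the mail service reads the file as SYSTEM).
& icacls.exe $PfxPath /inheritance:r /grant:r 'SYSTEM:(R)' 'Administrators:(F)' | Out-Null
Write-Output "Exported $($cert.Thumbprint), valid until $($cert.NotAfter.ToString('u'))"
```

The password stored in the DPAPI file has to be the same one entered for the PFX in the mail server's binding, and the file can only be decrypted by the account that created it on that machine.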

0
Rafael Grecco Replied
Robert, thank you very much!
0
Heimir Eidskrem Replied
Thank you so much Robert.
I set up Let's Encrypt using win-acme.
Needed to create the export and was looking for a script.
Perfect timing...

H.


1
Kyle Kerst Replied
Employee Post
I am happy to hear you were able to get this resolved. For future reference this process is detailed in the following KB article: 


Once set up, the certificate renewal, export, and binding should all be automated using those steps. I do recommend you check in on this process periodically to ensure things are running smoothly.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Heimir Eidskrem Replied
Thanks Kyle,
Very helpful and great timing.

