I just want to ask if Axigen and Let's Encrypt support DDNS domains, rather than creating a self-signed certificate, for which all browsers will show a warning every time you open WebAdmin or WebMail unless you install it as a trusted certificate.
I am not using my Axigen mail server to be broadcast on my DNS for my mailers domain.
If by DDNS you are referring to Dynamic DNS, then there is no need for a special setup other than for a “normal” domain.
All you need is to follow our documentation available here (please pay attention to enabling the WebMail listener on port 80 as this is the one used to validate the ownership of the requested SSL certificate hostname).
Understood, but my Axigen server does not have a DNS entry; that is why I am using DDNS, because the current location where the Axigen server resides is on a dynamic IP.
Then this is something which should be fixed on your side (like a DDNS client configured on your server / router).
If you need some hints from our side, please let us know which DDNS service you are using and if your Axigen server is on a Linux machine (please let us know the exact type and version of the OS), as we could provide some help for this type of OS.
I do have the DDNS client all set up and configured already.
Then the last step will be the port forwarding on the router for the ports I needed.
Like HTTP on port 80 and HTTPS on port 443?
So it means that if I use NOIP as my DDNS provider and my hostname is “xxxx.ddns.me”, then I can create a new certificate for “xxxx.ddns.me” directly from Axigen. Is that correct?
I use ZoneEdit for my DDNS and it works fine. As long as Let’s Encrypt can find your current IP address and connect to the ports, it works. (I just renewed my Let’s Encrypt certificate this morning.)
If you wish to use DNS Challenge (which for obvious reasons is not supported by Axigen), then you should use an external ACME client that supports it and, when the certificate is updated, update the certificate on the Axigen side and restart the Axigen service.
privkey.pem   : the private key for your certificate.
fullchain.pem : the certificate file used in most server software.
chain.pem     : used for OCSP stapling in Nginx >=1.3.7.
cert.pem      : will break many server configurations, and should not be used without reading further documentation (see link below).
Axigen requires the “cert” file to include both the private key and the public certificate.
My suggestion is to merge privkey.pem with fullchain.pem (like cat privkey.pem fullchain.pem >> lets-encrypt-cert.pem) and use that file in the Axigen listener(s) (it should have read access for the axigen user).
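
Added example (not part of the original posts and not Axigen's own tooling): a shell function that performs the merge suggested above, but rebuilds the combined file on every renewal instead of appending to it, and keeps the private key readable only by its owner. The function name `build_axigen_pem` and the optional owner argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: build the combined key + chain PEM used by the Axigen listener(s).
# Usage: build_axigen_pem PRIVKEY FULLCHAIN OUTPUT [OWNER]
# OWNER is optional; pass the account the mail server runs as (assumption).
build_axigen_pem() {
    key=$1; chain=$2; out=$3; owner=${4:-}

    # Refuse swapped, empty or truncated inputs before touching the live file.
    [ -s "$key" ] && grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "not a PEM private key: $key" >&2; return 1; }
    [ -s "$chain" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" || {
        echo "not a PEM certificate chain: $chain" >&2; return 1; }

    # Create the temp file next to the target so the final mv is an atomic
    # rename, under a 077 umask so the key is never group/world readable.
    tmp=$(umask 077; mktemp "${out}.XXXXXX") || return 1

    # '>' truncates: each renewal replaces the bundle rather than appending
    # a second key and chain after the old ones.
    if ! cat "$key" "$chain" > "$tmp"; then rm -f "$tmp"; return 1; fi
    chmod 600 "$tmp"

    # Give the service account read access without opening the file to others.
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    fi

    mv -f "$tmp" "$out"
    # Afterwards, restart the Axigen service so the listener(s) load the new file.
}
```

Run it from whatever step your external ACME client executes after a successful renewal, passing the renewed privkey.pem and fullchain.pem and the path configured in the Axigen listener.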