LetsEncrypt - Axigen Webmail on same machine as Apache Webserver

Hi all,

I have Apache running on RedHat (RHEL) v9.3 with a number of VirtualHosts.
Certbot runs very successfully renewing a bunch of LetsEncrypt (LE) certs for the VirtualHosts.
LetsEncrypt (LE) requires access to the Apache webserver on ports 80 and 443 to renew its certificates.

Axigen (v10.5.15) is also installed on the same RHEL machine.

Problem: Axigen WebMail cannot use ports 80 and 443 while Apache is running and using these ports. This means Axigen cannot create and auto-renew LE certificates unless Apache is shutdown and Axigen WebMail is reconfigured for ports 80 and 443 (every 90-days).

Clearly not a workable situation.

Possible solutions (??):

Either Apache is configured so the VirtualHost “mail.mydomain” on incoming ports 80 and 443 directs to Axigen WebMail on ports (for example) 81 and 444 (… not sure how to do this), or

Axigen is configured to use the LE certs created ‘externally’ for Apache by Certbot, i.e. Axigen does not directly manage the LE certs.

Solutions, thoughts, recommendations (or a better way) gratefully received.

A.

Hi,
the port redirect is working fine for this.

Create Apache HTTP config on Port 81 with direct file access for the .well-known/acme-challenge. Everything else is redirected to HTTPS.
Certbot should be using external webserver (only writes challenge to webroot).

As you are using certbot it has renewal hooks for “pre” and “post” deploy - just insert iptables[1] prerouting redirect rule from port 80 to 81 where letsencrypt/apache without https is waiting. After the cert renewal remove the iptables port redirect and things are fine. And within the “deploy” renewal hook reload axigen to reread the new certificate.

No outage then, everything working…

[1] something like this added and removed afterwards:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 81   # added in the pre-hook (REDIRECT lives in the nat table)
iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 81   # removed again in the post-hook
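One way to wire the pre/post/deploy steps of this answer into a single certbot hook script (example added here, not the poster's own script). It assumes Apache answers plain HTTP on port 81 for /.well-known/acme-challenge, and the Axigen certificate path and reload command are placeholders you replace with your own.

```shell
#!/bin/sh
# certbot-axigen-hook.sh: register as
#   certbot renew --pre-hook "/path/to/me pre" --post-hook "/path/to/me post" \
#                 --deploy-hook "/path/to/me deploy"
# Assumptions (placeholders): Apache serves the ACME challenge on ACME_PORT,
# AXIGEN_CERT is the combined key+chain PEM Axigen reads, AXIGEN_RELOAD reloads it.
set -eu

HTTP_PORT="${HTTP_PORT:-80}"
ACME_PORT="${ACME_PORT:-81}"
IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-0}"                                     # DRY_RUN=1 prints instead of running
AXIGEN_CERT="${AXIGEN_CERT:-/var/opt/axigen/ssl/mail.pem}" # placeholder path
AXIGEN_RELOAD="${AXIGEN_RELOAD:-systemctl reload axigen}"  # placeholder command

# NAT rule sending incoming port-80 traffic to the port-81 ACME vhost.
# $1 is the iptables action: -A (append), -D (delete) or -C (check).
redirect_rule() {
  printf '%s\n' "-t nat $1 PREROUTING -p tcp --dport $HTTP_PORT -j REDIRECT --to-port $ACME_PORT"
}

run() {
  if [ "$DRY_RUN" = 1 ]; then echo "would run: $*"; else "$@"; fi
}

# true when the redirect is already installed (never in dry-run mode)
rule_present() { [ "$DRY_RUN" != 1 ] && $IPTABLES $(redirect_rule -C) 2>/dev/null; }

# pre-hook: insert the redirect only if it is not there yet (idempotent)
pre_hook() { rule_present || run $IPTABLES $(redirect_rule -A); }

# post-hook: runs after every attempt, success or failure, so the redirect
# never outlives the renewal; the loop also clears any duplicate copies
post_hook() {
  if [ "$DRY_RUN" = 1 ]; then run $IPTABLES $(redirect_rule -D); return; fi
  while rule_present; do $IPTABLES $(redirect_rule -D); done
}

# deploy-hook: runs only when a new cert was issued; certbot exports RENEWED_LINEAGE
deploy_hook() {
  lineage="${RENEWED_LINEAGE:?deploy hook needs RENEWED_LINEAGE from certbot}"
  run sh -c "umask 077; cat '$lineage/privkey.pem' '$lineage/fullchain.pem' > '$AXIGEN_CERT'"
  run $AXIGEN_RELOAD
}

case "${1:-}" in
  pre) pre_hook ;; post) post_hook ;; deploy) deploy_hook ;;
  "") ;;   # no mode given: only define the functions
  *) echo "usage: $0 pre|post|deploy" >&2; exit 2 ;;
esac
```

Run it with DRY_RUN=1 first to see the exact iptables and reload commands it would issue before handing it to certbot.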