Axigen Community Forum

  • If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Announcement

Collapse
No announcement yet.

Using Let's encrypt with Axigen

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    Using Let's encrypt with Axigen

    Hey,

    is it possible to use Let's encrypt with Axigen? (https://letsencrypt.org/)

    I have used the certonly option to generate the certificates for my domain.

    Now I have the following files: cert.pem, chain,pem, fullchain.pem, privkey.pem

    What is the best way to get it working with Axigen?

    #2
    Hello,

    The information you have received from Let's Encrypt should work in the same way with the ones generated by any other certificate authorities.
    1. You should put cert.pem + privkey.pem in one file accessible by Axigen (for example in /var/opt/axigen/ssl/domain.pem) and configure your listener Path to certificate file SSL parameter
    2. You should put chain.pem + fullchain.pem in one file accesible by Axigen (for example in /var/opt/axigen/ssl/CA.pem) and configure your listener Path to certificate authorities SSL parameter
    ​Afterwards you should test the certificate installation with any online tool - we usually recommend:
    1. https://cryptoreport.websecurity.sym.../certCheck.jsp
    2. https://www.ssllabs.com/ssltest/
    Please let's us know if you managed to configure your new certificate.

    HTH,
    Ioan

    Comment


      #3
      Thanks Indreias. Following those instructions I was able to configure my webmail to use a Letsencrypt certificate.

      Regards,
      Steve

      Comment


        #4
        Hello, what if i want to use more than one certificate for different domains?
        Thanks.

        Comment


          #5
          The classic way is to use different listeners, each one with its certificate. Nevertheless, in Axigen 10 we have introduced WebMail SNI support so you could define (only for WebMail) additional certificates, one per virtual host.

          For the other services, the usual approach is to use a certificate so called "generic" (for example mail.hosting.tld instead of mail.hosted_domain.tld).

          HTH,
          Ioan

          Comment


            #6
            The method mentioned above works perfect.

            But how to automate the renewal of the certificates?

            https://certbot.eff.org/#ubuntutrusty-other

            This will generate the new files, do I have to copy the different files in the two seperate files and then manually add it to axigen every three months?

            Comment


              #7
              Our usual method is to define in the listener 2 "generic" files (like domain.pem and CA.pem) and 'on disk' we link them to domain.2016.pem and CA.2016.pem. When new files are available in 2017 we recreate the links on disk (to domain.2017.pem and CA.2017.pem) and, at the end, trigger 'service axigen reload'.

              For your case you will have to automate the process (for example in the same shell script that trigger the renewal) and make all needed changes 'on disk', without changing Axigen configuration.

              Is this suitable for you?

              HTH,
              Ioan

              Comment


                #8
                I would like to propose an even better solution. Why don't you just add the ability to create and update letsencrypt keys right into the administrative section of the system? One button click and the new certificate gets added. The system could then auto-update at scheduled periods.

                Comment


                  #9
                  Hello,

                  Thank you for your suggestion - this feature has been already evaluated and will be present in one of our next releases.
                  As soon there are some updates related to this topic I'll post on this thread.

                  Best regards,
                  Ioan

                  Comment


                    #10
                    Hi everybody ....
                    are there some news about this new lets encrypt feature?
                    would really be nice to have.

                    regards
                    scheibi

                    Comment


                      #11
                      Hello Scheibi,

                      There are no news on this subject. I could only confirm that this feature will be present in one of our next releases.

                      BR,
                      Ioan

                      Comment


                        #12
                        Axigen X2 has been released and it supports Let's Encrypt (CLI based).
                        Here is a link to the updated documentation.
                        Axigen is a fast, reliable and secure Linux, Windows, and Solaris mail server software, offering integrated SMTP, POP3, IMAP, and webmail servers, enabling the System Administrator to have full control of traffic through the email server.

                        Comment

                        Working...
                        X