VestaCP SSL for mail server

VestaCP installs a self-signed SSL certificate for the mail server by default. To install a valid certificate, log in to VestaCP and go to the list of sites. You will see a site with your server's hostname. If you don't see it, create a site with your server hostname. Make sure DNS is edited so the hostname resolves to the server IP. Now you should be able to get a free LetsEncrypt SSL certificate for this site.

If you check the Apache virtual host for the site, you will see something like

SSLCertificateFile /home/admin/conf/web/ssl.HOSTNAME.crt
SSLCertificateKeyFile /home/admin/conf/web/ssl.HOSTNAME.key
SSLCertificateChainFile /home/admin/conf/web/ssl.HOSTNAME.ca

In VestaCP, the config files for exim and dovecot are located at

/etc/exim4/exim4.conf.template
/etc/dovecot/conf.d/10-ssl.conf

These configs use the SSL certificate and key located at /usr/local/vesta/ssl/certificate.crt and /usr/local/vesta/ssl/certificate.key.

To use the FREE SSL, create a bash script.

mkdir /usr/serverok/
vi /usr/serverok/ssl-renew-hostname

Add

#!/bin/bash
# Author: ServerOk Software
# Web: www.serverok.in
# Email: [email protected]

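# Build the full chain (certificate followed by the CA chain) for exim, dovecot and the VestaCP panel.
# "cat >" overwrites in place, so the existing owner and mode of the destination files are kept.
cat /home/admin/conf/web/ssl.HOSTNAME.crt > /usr/local/vesta/ssl/certificate.crt
cat /home/admin/conf/web/ssl.HOSTNAME.ca >> /usr/local/vesta/ssl/certificate.crt
cat /home/admin/conf/web/ssl.HOSTNAME.key > /usr/local/vesta/ssl/certificate.key
# Restart the services so they load the new certificate and key.
systemctl restart apache2
systemctl restart exim4
systemctl restart dovecot
/usr/local/vesta/nginx/sbin/vesta-nginx -s reload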

Make the file executable

chmod 755 /usr/serverok/ssl-renew-hostname

Run the script

/usr/serverok/ssl-renew-hostname

Now SSL will work for mail server and VestaCP. To access VestaCP, use

https://HOSTNAME:8083/login/

Verify Mail Server SSL

You can view the mail server SSL certificate with the commands

openssl s_client -showcerts -connect HOSTNAME:993
openssl s_client -showcerts -connect HOSTNAME:465
openssl s_client -starttls smtp -showcerts -connect HOSTNAME:587

Replace HOSTNAME with the actual hostname of your server.

Auto Renew SSL

LetsEncrypt SSL certificates expire every 90 days, so we will create a cronjob to auto renew SSL. If you have a paid SSL, you don't need this cronjob.

Create a cronjob with

crontab -e

Add

@weekly  /usr/serverok/ssl-renew-hostname > /dev/null 2>&1
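The weekly job above rewrites the files and restarts every service even when the certificate has not been renewed. The variant below is an added example, not the original ServerOk script: it copies the files only when their content changed and restarts services only in that case. The function name sync_file is hypothetical, and HOSTNAME is the same placeholder used above.

```shell
#!/bin/bash
# Added example (not the original ServerOk script).
# HOSTNAME is the page's placeholder; replace it with the server hostname.
SRC=/home/admin/conf/web/ssl.HOSTNAME
DST=/usr/local/vesta/ssl

# sync_file DEST SRC...  (hypothetical helper)
# Concatenate the SRC files and write them to DEST only if the content differs.
# Returns 0 if DEST was updated, 1 if it was already current, 2 on error.
sync_file() {
    local dest=$1 tmp rc=0
    shift
    tmp=$(mktemp) || return 2          # mktemp creates the work file with mode 0600
    if ! cat -- "$@" > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
        # A missing or empty source must never blank out the live certificate.
        echo "sync_file: cannot read $*" >&2
        rc=2
    elif [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rc=1
    else
        # Overwrite in place so an existing DEST keeps its owner and mode;
        # a newly created DEST is private because of the umask.
        (umask 077; cat "$tmp" > "$dest") || rc=2
    fi
    rm -f -- "$tmp"
    return "$rc"
}

# Run only when the panel has issued a certificate for the hostname.
if [ -r "$SRC.crt" ] && [ -r "$SRC.key" ]; then
    changed=0
    sync_file "$DST/certificate.crt" "$SRC.crt" "$SRC.ca" && changed=1
    sync_file "$DST/certificate.key" "$SRC.key" && changed=1
    if [ "$changed" -eq 1 ]; then
        systemctl restart apache2 exim4 dovecot
        /usr/local/vesta/nginx/sbin/vesta-nginx -s reload
    fi
fi
```

Because a failed read returns 2 and leaves the destination untouched, a broken renewal does not take the mail server's working certificate down with it.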
