Lets encrypt certifcate generation for centos postfix server

  1. Install lets encrypt
  2. yum -y install letsencrypt
Generate Lets encrypt certificate
  1. letsencrypt certonly --standalone -d {domain name}

Main configuration file where we provide location to certificate
  1. vi /etc/postfix/main.cf
Parameters that is added to postfix file
  1. smtpd_tls_CAfile = /etc/letsencrypt/live/{domain name}/fullchain.pem
  2. smtpd_tls_key_file =  /etc/letsencrypt/live/{domain name}/privkey.pem
  3. smtpd_tls_cert_file = /etc/letsencrypt/live/{domain name}/cert.pem
  4. smtpd_use_tls = yes
Package required for configuring auto renew of lets encrypt certificate 
  1. wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
  2. mv certbot-auto /etc/letsencrypt/
Scheduling autorenew of Certificate
We need to renew it every 90 days
  1. crontab -e
0 0 1 */2 * cd /etc/letsencrypt/ && ./certbot-auto renew 

0 0 1 */2 * cd /etc/letsencrypt/ && ./certbot-auto renew >/var/log/letsencrypt/letsencrypt.log 2>&1

Testing new certificate generation without overriding old one 
  1. cd /etc/letsencrypt/ && ./certbot-auto renew --dry-run

Log of Lets encrypt 
  1. cat /var/log/letsencrypt/letsencrypt.log


Comments

Post a Comment

Popular Posts