Using Your Own SSL Certificate with mailcow (Part 2)
Publish: 2022-08-16 | Modify: 2022-08-16
This is the second tutorial in the series of self-hosted mail server using mailcow. If you are interested in setting up your own mail server, you can refer to my previous article "Deploying mailcow with Docker, Self-Hosted Mail Server". For the sake of network security, it is necessary to enable TLS/SSL encryption for the mail server, which requires the use of an SSL certificate.
Automatic SSL Certificate Application for mailcow
After the deployment of mailcow, it will automatically apply for an SSL certificate using ACME. However, this requires the use of the default web port 80 (for Let’s Encrypt validation). If a non-default port is used, the application will fail. Alternatively, it may fail due to other reasons such as network issues.
Since Xiaoz did not use the default port 80, the automatic SSL certificate application of mailcow cannot be used. We can manually apply for an SSL certificate and deploy it to mailcow, which is more reliable.
Applying for an SSL Certificate
In the previous article, it was mentioned that if your hostname is set to mail.domain.com, you also need to use this domain name (note that it is a second-level domain, not a top-level domain) when applying for an SSL certificate. This article does not provide a detailed introduction to applying for an SSL certificate. Currently, Tencent Cloud and Alibaba Cloud both provide free DV SSL certificates, you can refer to:
- Free Application for Alibaba Cloud DV SSL Certificate
- Free GeoTrust DV SSL Certificate Application from Tencent Cloud
Using Your Own SSL Certificate
Xiaoz is using a free SSL certificate from Tencent Cloud. After the application is completed, download the Nginx format and save it locally. There should be 4 files in it, but we will only use the files ending with .crt and .key.
Then rename the file with the .crt extension to cert.pem and the file with the .key extension to key.pem, and upload them to the data/assets/ssl directory under the mailcow directory for replacement.
Note: Before replacement, you can back up the original files, and do not use symbolic links.
Then modify the mailcown.conf configuration file and change:
SKIP_LETS_ENCRYPT=nto
SKIP_LETS_ENCRYPT=yFinally, restart the affected 3 containers:
docker restart $(docker ps -qaf name=postfix-mailcow)
docker restart $(docker ps -qaf name=nginx-mailcow)
docker restart $(docker ps -qaf name=dovecot-mailcow)Verification
Enter the following command to check and verify if the SSL certificate is valid:
# Verify SMTP TLS port
echo "Q" | openssl s_client -starttls smtp -crlf -connect mail.domain.com:587
# Verify IMAP port
echo "Q" | openssl s_client -starttls imap -showcerts -connect mail.domain.com:143
# Verify HTTPS
echo "Q" | openssl s_client -connect mail.domain.com:443Note: Please replace mail.domain.com with your own domain name.
This article refers to the official documentation: https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-ssl/
Comments
xiaoz
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.
Random article
- How to Write Pseudo-Original SEO Articles?
- Multi-functional File Sharing Program Zdir 4.1.4 Update: New Online Decompression Feature
- Multi-functional File Sharing Program Zdir 4.2.2 Released, Added SMB Mounting (Easter Egg at the End)
- [AD] RAKsmart: "Passionate Summer, May Special Offer" G Port/Unlimited Ultra-Low Price 1699 Continuously Hot Selling!!!
- Goodbye 2018, Welcoming the New Year
- Megalayer November Promotion: CN2 Dedicated Servers for 99 RMB/month, plus VPS Flash Sale for 9.9 RMB
- Tencent Cloud Hong Kong Lightweight Application Server (Bidirectional CN2 Network), 1 Core 1GB, 24 RMB/month
- phpEnv: Professional and Powerful PHP Integrated Environment
- An SSH Client Xterminal with AI Command Prompt Support, Giveaway Membership Redemption Code
- Quickly Create Cloud Servers with DigitalOcean