Distribution: Rocky-9.2
NethServer Version: 8 beta
Module: mail & webtop, etc…
Hi all,
I succeeded to get a Let’s Encrypt certificate for my LOCAL Rocky-9.2/NS8:
See: Rocky-9.2 and Let's Encrypt certificate.
Before all that, I asked a Let’s Encrypt certificate with acme.sh
on my LOCAL Rocky-9.2/NS8.
Now for the MAIL certificate, it looks like the mail server of Rocky-9.2/NS8 took the certficate from acme.sh
and it generates problems with Thunderbird.
[root@hote directory]# locate acme-v02.api.letsencrypt.org/directory
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.json
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/ca.conf
[root@hote directory]#
[root@hote directory]# ls -als /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory
total 12
0 drwxr-xr-x. 2 root root 60 Jun 26 09:55 .
0 drwxr-xr-x. 3 root root 23 Jun 26 09:55 ..
4 -rw-r--r--. 1 root root 275 Jun 26 09:55 account.json
4 -rw-------. 1 root root 227 Jun 26 09:55 account.key
4 -rw-r--r--. 1 root root 169 Jun 26 09:55 ca.conf
[root@hote directory]#
########################################################################
Yesterday, I asked a Let’s Encrypt cert on my main server after entering the DNS (hosts), creating a MAIL to LOCAL, and Revere Proxy all (with the CNAME created by it) to point to LOCAL IP.
On my main server (PASSERELLE), in the archive directory of Let’s Enscrypt under rocky.toto.org
I created a directory on my Rocky-9.2/NS8: /root/Cert_PASSERELLE
.
I copied the archive directoty for rocky.toto.org
of my main server PASSERELLE to the directory I just created: /root/Cert_PASSERELLE
on my Rocky-9.2/NS8.
[root@hote ~]# ls -als Cert_PASSERELLE/
total 20
0 drwxr-xr-x. 2 root root 83 Jun 26 12:34 .
4 dr-xr-x---. 8 root root 4096 Jun 26 12:33 ..
4 -rw-r--r--. 1 root root 2033 Jun 25 15:23 cert1.pem
4 -rw-r--r--. 1 root root 1826 Jun 25 15:23 chain1.pem
4 -rw-r--r--. 1 root root 3859 Jun 25 15:23 fullchain1.pem
4 -rw-r--r--. 1 root root 1704 Jun 25 15:23 privkey1.pem
[root@hote ~]#
########################################################################
On the Rocky-9.2/NS8, under Settings => TLS certificates => ACME servers
I clicked Edit
.
I entered the “Path” of the newly created directory then Edit ACME server.
I refreshed the page.
Now, with Thunderbird on a Ubuntu-22.04 LTS, I can send and receive emails without any problem.
Michel-André