Rocky-9.2 and Let’s Encrypt certificate for the MAIL server

Distribution: Rocky-9.2
NethServer Version: 8 beta
Module: mail & webtop, etc…

Hi all,

I succeeded in getting a Let’s Encrypt certificate for my LOCAL Rocky-9.2/NS8:
See: Rocky-9.2 and Let's Encrypt certificate.

Before all that, I asked for a Let’s Encrypt certificate with acme.sh on my LOCAL Rocky-9.2/NS8.

Now for the MAIL certificate, it looks like the mail server of Rocky-9.2/NS8 took the certificate from acme.sh and it generates problems with Thunderbird.

[root@hote directory]# locate acme-v02.api.letsencrypt.org/directory
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.json
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/ca.conf
[root@hote directory]#
[root@hote directory]# ls -als /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory
total 12
0 drwxr-xr-x. 2 root root  60 Jun 26 09:55 .
0 drwxr-xr-x. 3 root root  23 Jun 26 09:55 ..
4 -rw-r--r--. 1 root root 275 Jun 26 09:55 account.json
4 -rw-------. 1 root root 227 Jun 26 09:55 account.key
4 -rw-r--r--. 1 root root 169 Jun 26 09:55 ca.conf
[root@hote directory]#

########################################################################

Yesterday, I asked for a Let’s Encrypt cert on my main server after entering the DNS (hosts), creating a MAIL to LOCAL, and Reverse Proxy all (with the CNAME created by it) to point to LOCAL IP.

On my main server (PASSERELLE), in the archive directory of Let’s Encrypt under rocky.toto.org

I created a directory on my Rocky-9.2/NS8: /root/Cert_PASSERELLE.
I copied the archive directory for rocky.toto.org of my main server PASSERELLE to the directory I just created: /root/Cert_PASSERELLE on my Rocky-9.2/NS8.

[root@hote ~]# ls -als Cert_PASSERELLE/
total 20
0 drwxr-xr-x. 2 root root   83 Jun 26 12:34 .
4 dr-xr-x---. 8 root root 4096 Jun 26 12:33 ..
4 -rw-r--r--. 1 root root 2033 Jun 25 15:23 cert1.pem
4 -rw-r--r--. 1 root root 1826 Jun 25 15:23 chain1.pem
4 -rw-r--r--. 1 root root 3859 Jun 25 15:23 fullchain1.pem
4 -rw-r--r--. 1 root root 1704 Jun 25 15:23 privkey1.pem
[root@hote ~]#

########################################################################

On the Rocky-9.2/NS8, under Settings => TLS certificates => ACME servers I clicked Edit.

I entered the “Path” of the newly created directory then Edit ACME server.

I refreshed the page.

Now, with Thunderbird on an Ubuntu-22.04 LTS, I can send and receive emails without any problem.

Michel-André
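
A check that can be run on the copied files before the mail server is pointed at them, as an added example that is not part of the original post. The listing above shows privkey1.pem copied with mode -rw-r--r--, while acme.sh keeps its own account.key at -rw-------. The function names are illustrative, the file names are the ones in the listing, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are illustrative;
# the directory and file names are the ones shown in the post's listing.

# List PEM private keys in directory $1 that group or others can access.
loose_keys() (
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || continue
        # Characters 5-10 of `ls -l` output are the group/other permission bits.
        perms=$(ls -ld -- "$f" | cut -c5-10)
        [ "$perms" = "------" ] || printf '%s\n' "$f"
    done
)

# Succeed only when certificate $1 and private key $2 share one public key.
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Succeed when certificate $1 is still valid $2 days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Run all three checks on a directory of copied files; non-zero on any finding.
audit_cert_dir() (
    dir=${1:-/root/Cert_PASSERELLE}
    rc=0
    bad=$(loose_keys "$dir")
    if [ -n "$bad" ]; then
        echo "private key readable beyond its owner (fix with chmod 600):"
        echo "$bad"
        rc=1
    fi
    if ! key_matches_cert "$dir/cert1.pem" "$dir/privkey1.pem"; then
        echo "privkey1.pem does not belong to cert1.pem"; rc=1
    fi
    if ! valid_for_days "$dir/cert1.pem" 30; then
        echo "cert1.pem expires within 30 days; copy a renewed one"; rc=1
    fi
    return $rc
)

# Run the audit only when a directory is passed on the command line.
if [ $# -gt 0 ]; then audit_cert_dir "$1"; fi
```

Saved as a script, it is called with the directory as its argument, for example `/root/Cert_PASSERELLE`, and exits non-zero when any of the three checks fails.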