Let's Encrypt provides free SSL certificates, which can be used for hMailServer. However, the certificates are valid for only 90 days, and the scripted validation process can be challenging to set up. Most available scripts are designed for validation through a web server, not a mail server. The following enables full SSL certificate request and installation for hMailServer without a separate web server, with renewals every 85 days.

Requirements:
* You may also need the following (to be verified):

    sudo apt-get install python-setuptools

NOTE: Python 3.x in the current distribution will not work, since it is called python3, etc.

Decide on your workspace folder and create it in Windows Explorer. A folder without any spaces in its entire path is recommended (I have not tested names with spaces). The folder needs to be accessible to non-admins, since there currently seem to be some issues with Windows 10 Bash access to restricted folders. For example, let's consider something like c:\Users\myUserName\Documents\Networking\hmailserver_letsencrypt (change myUserName to your username). We will call this your script folder on this page.

One-time initial setup

Go to the script folder that you created, then:

1. In Bash, get the dehydrated script and the related Cloudflare hook by running the following. (If you are using a supported DNS service hook other than Cloudflare, you will need to change how the hook and its dependencies are installed.)

    # Fetch dehydrated and place the Cloudflare hook under dehydrated/hooks
    git clone https://github.com/lukas2511/dehydrated
    cd dehydrated
    mkdir hooks
    git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare
    # Install the hook's Python 2 dependencies
    sudo pip install -r hooks/cloudflare/requirements-python-2.txt
    cd ..
2. In Bash, create an executable script named hmailCert.sh by following:
hmailCert.bat with the following content. NOTE: change the second line to the address of your script folder.

    set "HMAILSERVER_DOMAIN=yourMXDomainNameLike_mail.mydomain.com"
    cd /d c:\Users\myUserName\Documents\Networking\hmailserver_letsencrypt
    rem Run the Bash script that requests or renews the certificate
    bash -c "./hmailCert.sh"
    rem Copy the key and certificate into the hMailServer folder
    copy %HMAILSERVER_DOMAIN%.letsencrypt.key "c:\Program Files (x86)\hMailServer"
    copy %HMAILSERVER_DOMAIN%.letsencrypt.crt "c:\Program Files (x86)\hMailServer"
    rem Restart hMailServer so that it loads the new certificate
    net stop hMailServer
    net start hMailServer
4. In Windows, run everything for the first time to see whether it works or whether there are any issues. Open a Command Prompt (CMD) as Administrator (right-click Command Prompt in the Windows 10 Start menu and click Run as Administrator). Go to your script folder:

    cd c:\Users\myUserName\Documents\Networking\hmailserver_letsencrypt

and run the batch file:

    hmailCert.bat
If there are no errors, you should have a new .key and a .crt file in your hMailServer folder.

5. Install the server certificate for the domain that hMailServer manages by going to the hMailServer Admin GUI:
6. Load the initial certificates by restarting hMailServer. You can do this in CMD (Run as Administrator) with the following two commands:

    net stop hMailServer
    net start hMailServer
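The batch file above copies the files and restarts hMailServer whether or not the renewal succeeded, so a failed run can leave a stale or mismatched pair in place. The following check is an added example, not part of the original page or of dehydrated: it confirms that the key matches the certificate and that the certificate is not close to expiry. The function name, the return codes and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a renewed
# certificate/key pair before it is copied into the hMailServer folder.
# Return codes (this example's own convention):
#   0 = ok, 2 = file missing or unreadable,
#   3 = private key does not match certificate, 4 = certificate expires too soon
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}   # 30-day default is an assumption

    # Both files must exist and be non-empty.
    [ -s "$cert" ] && [ -s "$key" ] || { echo "missing: $cert or $key" >&2; return 2; }

    # The public key inside the certificate must equal the public key
    # derived from the private key (works for RSA and EC keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 3; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires in under $min_days days" >&2; return 4; }

    return 0
}

# Direct use (file names follow the pattern used by the batch file above):
#   ./check_cert.sh mail.mydomain.com.letsencrypt.crt mail.mydomain.com.letsencrypt.key 30
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
    exit $?
fi
```

A freshly issued Let's Encrypt certificate has close to 90 days left, so a result of 4 right after a run means the renewal did not replace the old file.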
1. Go to Windows Task Scheduler and create a new task to run hmailCert.bat with the following settings: