How to renew SSL certificate on iRedMail

I will give an example of updating a self-signed certificate on Ubuntu Server with iRedMail installed.

Switch to the root user:

sudo -i

In the installation directory with iRedMail there is a certificate generation script, in my case it is located here /root/iRedMail-0.9.7/tools/generate_ssl_keys.sh

Copy it to /etc/ssl/:

cp /root/iRedMail-0.9.7/tools/generate_ssl_keys.sh /etc/ssl/generate_ssl_keys.sh

The script can be opened in the text editor nano (Ctrl+X to exit, y/n to save or cancel changes):

nano /etc/ssl/generate_ssl_keys.sh

And change some information, for example:

TLS_COUNTRY=
TLS_STATE=
TLS_CITY=
TLS_ADMIN=

Make the file executable:

chmod +x /etc/ssl/generate_ssl_keys.sh

Run:

sh -e /etc/ssl/generate_ssl_keys.sh

After startup, the following files will be generated:

/etc/ssl/certs/iRedMail.crt
/etc/ssl/private/iRedMail.key

Restart the apache2 web server:

/etc/init.d/apache2 restart

Let’s check the certificate (where mail.example.com is your domain):

openssl s_client -connect mail.example.com:443  | grep "Verify return code"

See also my article:
Install SSL Certificate for iRedMail

Leave a comment

Leave a Reply