Suppose we have a signed SSL certificate, or we will receive it from Let’s Encrypt, as I described in this article:
Installing Certbot in Ubuntu
To install an SSL certificate for iRedMail, you need to specify it in the Dovecot, Postfix and Apache2 configuration.
Specify the certificate in Dovecot, to do this, open the configuration file in a text editor:
sudo nano /etc/dovecot/dovecot.conf
Find the lines:
ssl_cert = </etc/ssl/certs/iRedMail.crt ssl_key = </etc/ssl/private/iRedMail.key
And change them to your certificate (say, from Let’s Encrypt):
ssl_cert = </etc/letsencrypt/live/ixnfo.com/fullchain.pem ssl_key = </etc/letsencrypt/live/ixnfo.com/privkey.pem
Now open the Postfix configuration:
sudo nano /etc/postfix/main.cf
Find the lines:
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
And change them to your certificate (say, from Let’s Encrypt):
smtpd_tls_key_file = /etc/letsencrypt/live/ixnfo.com/privkey.pem smtpd_tls_cert_file = /etc/letsencrypt/live/ixnfo.com/fullchain.pem smtpd_tls_CAfile = /etc/letsencrypt/live/ixnfo.com/fullchain.pem
Well, it remains to open the configuration of Apache2:
sudo nano /etc/apache2/sites-enabled/default-ssl.conf
Find strings:
SSLCertificateFile /etc/ssl/certs/iRedMail.crt SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
And change them:
SSLCertificateFile /etc/letsencrypt/live/ixnfo.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/ixnfo.com/privkey.pem
To apply the changes, restart Dovecot, Postfix, Apache2 and make sure that they are successfully launched:
sudo service dovecot restart sudo service postfix restart sudo service apache2 restart sudo service dovecot status sudo service postfix status sudo service apache2 status
This completes the installation of your SSL certificate for iRedMail.
See also my article:
How to renew SSL certificate on iRedMail