How To Configure Postfix and Dovecot with a Let's Encrypt SSL Certificate on Ubuntu.

Environment:
Ubuntu 18.04
Apache2: (If it is not installed, please run “apt-get install -y apache2” to install it first)
Postfix: (If it is not installed, please run “apt-get install -y postfix” to install it first)
Dovecot: (If it is not installed, please run “apt-get install -y dovecot-common dovecot-imapd dovecot-pop3d” to install it first)
 

1. Install certbot/letsencrypt.

sudo apt-get update
sudo apt-get install git
sudo git clone https://github.com/certbot/certbot /opt/certbot
 

2. Modify the 000-default.conf file.

vi /etc/apache2/sites-available/000-default.conf
 

Add the following into the conf file BEFORE the closing </VirtualHost> tag:

# Add an alias for Let's Encrypt webroot authentication using ACME
AliasMatch ^/.well-known/acme-challenge/(.*)$ /var/www/html/.well-known/acme-challenge/$1
Alias /.well-known/acme-challenge/ /var/www/html/.well-known/acme-challenge/
<Directory "/var/www/html/.well-known/acme-challenge/">
    Options None
    AllowOverride None
    ForceType text/plain
    RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Directory>
 

3. Save that file and restart Apache.

sudo service apache2 restart
 

4. Change directory to the certbot folder and generate the certificate (replace mydomain.com with the actual domain and YOUR_MAILBOX@mydomain.com with your contact e-mail address).

cd /opt/certbot && sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 --renew-by-default -m YOUR_MAILBOX@mydomain.com --webroot -w /var/www/html/ -d mail.mydomain.com
 
 
 

5. Configure Postfix and Dovecot with the Let's Encrypt SSL certificate.

Edit the Postfix configuration file:
vi /etc/postfix/main.cf
 
Set the paths of the certificate and key files (replace mydomain.com with the actual domain):
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.mydomain.com/privkey.pem
 
Edit the Dovecot configuration file:
vi /etc/dovecot/dovecot.conf
 
Change the following lines:
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem 
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
 
 
Restart the two services:
sudo service postfix restart && sudo service dovecot restart
 
 

6. Verify that SSL works for IMAP/POP3/SMTP and that the proper SSL certificate is in use.

Postfix: SMTP
Dovecot: IMAP/POP3

Using online checkers

Check SSL using online tools:

 

Using a Linux server

Connect to the mail server using openssl (replace mydomain.com with the actual domain):
SMTP via SSL using port 465: openssl s_client -showcerts -connect mail.mydomain.com:465
POP3 via SSL using port 995: openssl s_client -showcerts -connect mail.mydomain.com:995
IMAP via SSL using port 993: openssl s_client -showcerts -connect mail.mydomain.com:993
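
The three openssl checks above can be scripted so that each port gives a pass/fail result for issuer, host name and expiry. This is an added example, not part of the original article; it assumes a POSIX shell and the openssl command line tool, and the function names and the sample report are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): check the certificate that
# Postfix and Dovecot serve on the implicit-TLS ports used in step 6.

# Print issuer, expiry date, host-name match and expiry-window check for HOST PORT [DAYS].
fetch_cert_report() (
    host=$1; port=$2; days=${3:-30}
    pem=$(openssl s_client -connect "$host:$port" -servername "$host" \
              </dev/null 2>/dev/null | openssl x509 2>/dev/null) || exit 1
    printf '%s\n' "$pem" | openssl x509 -noout -issuer -enddate
    printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$host"
    # -checkend exits non-zero when the certificate expires inside the window;
    # the verdict is read from its output line, so the exit code is ignored.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "$((days * 86400))" || true
)

# Read a report on stdin, print one line per problem, return 0 only if clean.
judge_cert_report() (
    report=$(cat); problems=0
    flag() { echo "FAIL: $1"; problems=$((problems + 1)); }
    printf '%s\n' "$report" | grep -Eq "^issuer=.*O ?= ?Let's Encrypt" ||
        flag "issuer is not Let's Encrypt (old or self-signed certificate?)"
    printf '%s\n' "$report" | grep -q ' does match certificate$' ||
        flag "certificate does not cover the host name"
    printf '%s\n' "$report" | grep -q '^Certificate will not expire$' ||
        flag "certificate expires within the check window"
    [ "$problems" -eq 0 ]
)

# Constructed sample report (not real output) in the format judged above.
SAMPLE_REPORT="issuer=C = US, O = Let's Encrypt, CN = R3
notAfter=Jan  1 00:00:00 2030 GMT
Hostname mail.mydomain.com does match certificate
Certificate will not expire"

# Live check, run only when a host is given: sh check_mail_tls.sh mail.mydomain.com
if [ -n "${1:-}" ]; then
    status=0
    for port in 465 993 995; do
        echo "== $1:$port"
        if fetch_cert_report "$1" "$port" | judge_cert_report; then
            echo "OK"
        else
            status=1
        fi
    done
    exit "$status"
fi
```

A port that still reports the wrong issuer after step 5 usually means the service was not restarted or is reading a different certificate path.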
 
