How To Configure Postfix and Dovecot with a Lets Encrypt SSL Certificate on Ubuntu.

Ubuntu 18.04
Apache2: (If it is not installed, please run “apt-get install -y apache2” to install it first)
Postfix: (If it is not installed, please run “apt-get install -y postfix” to install it first)
Dovecot: (If it is not installed, please run “apt-get install -y dovecot-common dovecot-imapd dovecot-pop3d” to install it first)

1. Install certbot/letsencrypt.

sudo apt-get update
sudo apt-get install git
sudo git clone /opt/certbot

2. Modified the 000-default file.

vi /etc/apache2/sites-available/000-default.conf

Add the following into the conf file BEFORE the closing </VirtualHost> tag:

#Add Alias For Lets Encrypt WebRoot Authentication Using ACME
AliasMatch ^/.well-known/acme-challenge/(.*)$ /var/www/html/.well-known/acme-challenge/$1
Alias /.well-known/acme-challenge/ /var/www/html/.well-known/acme-challenge/
<Directory "/var/www/html/.well-known/acme-challenge/">
    Options None
    AllowOverride None
    ForceType text/plain
    RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"

3. Save that file and restart Apache.

sudo service apache2 restart

4. Change directory to the letsencrypt folder and Generate the certificate( Replace with the actual domain).

cd /opt/certbot && sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 --renew-by-default -m [email protected] --webroot -w /var/www/html/ -d --renew-by-default
 You will get the following output.

5. Configure Postfix and Dovecot with the Lets Encrypt SSL Certificate.

Edit Postfix configuration file
vi /etc/postfix/
Modify the path of the certificate file( Replace with the actual domain):
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_key_file = /etc/letsencrypt/live/
Edit dovecot configuration file
vi /etc/dovecot/dovecot.conf
change the following lines:
ssl_cert = </etc/letsencrypt/live/ 
ssl_key = </etc/letsencrypt/live/
Restart the two services
sudo service postfix restart && sudo service dovecot restart

6. Verify if the SSL for IMAP/POP3/SMTP works and a proper SSL certificate is in use.

Postfix: SMTP
Dovecot: IAMP/POP3

Using online checkers

Check SSL using online tools:


Using a Linux server

connect to a mail server using openssl:
SMTP via SSL using port 465: openssl s_client -showcerts -connect
POP3 via SSL using port 995: openssl s_client -showcerts -connect
IMAP via SSL using port 993: openssl s_client -showcerts -connect

Add Feedback