Click here for "Error Codes for Commercial Air Conditioners".(Japanese Version)

AlmaLinux9.2 ; SSL Certificate Acquisition( Let's Encrypt ) , Apache SSL , Mail SSL/TLS

1. .Obtain an SSL certificate ( Let's Encrypt )

Install the latest open ssl

1.1 advance preparation

1.Package management system Snappy installed
Since the SSL certificate issuing tool "certbot" of Let's Encrypt is recommended to be installed using "snap" after 2021, install Snapd first.(Can also be installed the traditional way with dnf or yum)

Enable systemd unit to manage the main snap communication socket

Enable Classics Snap support

Bring snapd version up to date

If the above fails, run the following command instead (the core package will be installed along with the package called hello-world)

Update core package

Version Check

Log out and log in again or reboot the system to ensure that the snap path is updated correctly

2..certbot package install

Create symbolic link to /snap/bin/certbot

Confirmation

1.2 Obtaining Certificates

Registration of e-mail address and agreement to terms of use are required for the first time only.
Specify an email address to receive

1.2 Automatic renewal of certificates(Let's Encrypt)

Pre-registration testing
First, test the automatic update using the following --dry-run option.
With this option, certificates are not renewed, only checked, so there is no need to worry about getting stuck with a limit on the number of times a certificate can be obtained.

When you install the snap version of certbot, the automatic certificate renewal function is also installed.

snap.certbot.renew.timer is registered

Check the unit file snap.certbot.renew.timer

According to the above configuration, it will attempt to update at 4:49 and 15:16 every day as specified in the OnCalender parameter(However, the set time changes randomly with each update)

Check the unit file snap.certbot.renew.service

However, the web server using the certificate will not be restarted, so set up a script to run automatically after the update

2. Converting Apache to https

Install the following just in case

2.1 Edit ssl.conf file

Restart Apache.

Allow https in Firewall

2.2 Redirect HTTP communications to HTTPS

Create .htaccess under /var/www/html/[FQDN]/.
Contents of .htaccess

3. SSL/TLS (Let's Encrypt) settings on the mail server

3.1 Obtaining a certificate for the mail server

Obtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

If I stop the web server once and then do it, it succeeds as follows

3.2 Postfix Configuration

3.3 Dovecot Settings

Allow Port 587 in firewall

3.4 Thunderbird Settings

Receiving servers

Port  :  143
Connection security   :  STARTTLS
Authentication method  :  Normal password

Sending server

Port   :  587
Connection security   :  STARTTLS
Authentication method  :  Normal password

Copied title and URL