CentOS Stream 9: Let's Encrypt, Apache and Mail Server SSL/TLS

1. Obtain SSL Certificate (Let's Encrypt)

1.1 Advance preparation

Install the latest OpenSSL

Install the certbot package
Install "certbot", Let's Encrypt's SSL certificate issuing tool.

1.2 Obtaining Certificates

Registering an e-mail address and agreeing to the terms of use are required the first time only.
Specify an e-mail address at which you can receive mail.

As the message states, the following certificate files have been placed under [/etc/letsencrypt/live//]:
 cert.pem : SSL server certificate (including public key)
 chain.pem : Intermediate Certificates
 fullchain.pem : File containing cert.pem and chain.pem combined
 privkey.pem : private key
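
An added example (not from the original page): a shell function that checks the four files listed above before Apache, Postfix or Dovecot is pointed at them. The function name check_lineage and the 30-day default threshold are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit one certbot directory (cert.pem, chain.pem,
# fullchain.pem, privkey.pem) before a service is configured to use it.

# check_lineage DIR [MIN_DAYS]  (name and 30-day default are assumptions)
# Prints one line per finding; returns 0 only if every check passes.
check_lineage() {
    local dir=$1 min_days=${2:-30} rc=0 f mode cert_pub key_pub
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "MISSING $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # fullchain.pem must be cert.pem followed by chain.pem.
    cat "$dir/cert.pem" "$dir/chain.pem" | cmp -s - "$dir/fullchain.pem" \
        || { echo "MISMATCH fullchain.pem is not cert.pem + chain.pem"; rc=1; }

    # The private key must not be accessible to group or others.
    # -L follows the symlinks that certbot places in the live directory.
    mode=$(stat -L -c %a "$dir/privkey.pem")
    case $mode in
        ?00) ;;
        *) echo "PERMS privkey.pem is mode $mode"; rc=1 ;;
    esac

    # The key must belong to the certificate: compare their public keys.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH privkey.pem does not match cert.pem"; rc=1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$dir/cert.pem" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || { echo "EXPIRING within $min_days days"; rc=1; }

    return $rc
}

# When the script is given arguments, check that directory directly.
if [ "$#" -gt 0 ]; then check_lineage "$@"; fi
```

Run it as root with the certificate directory as the first argument, once for the web server certificate and once for the separate mail server certificate obtained in 3.1.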

1.3 Automatic renewal of certificates

① Pre-registration test
First, test the automatic renewal using the following --dry-run option.
With this option, certificates are not actually renewed; the renewal is only checked, so there is no need to worry about hitting the limit on the number of times a certificate can be obtained.

② Automatically renew SSL certificates using cron (run at midnight on the 1st of each month)

2. Apache https

Install the following

2.1 Edit ssl.conf file

Restart Apache

Allow HTTPS in the firewall

2.2 Redirect HTTP communications to HTTPS

Create .htaccess under /var/www/html/[FQDN]/.
Contents of .htaccess

3. SSL/TLS (Let's Encrypt) settings on the mail server

3.1 Obtaining a Certificate for Mail Server

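Obtain a certificate for the mail server. It cannot be obtained in the same way as above, and the following attempt with the "--standalone" option also fails.

If the web server is stopped first and the command is run again, it succeeds as follows. The "--standalone" option starts certbot's own temporary web server, which cannot bind its port while Apache is still running.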

3.2 Postfix Configuration

3.3 Dovecot Configuration

Allow port 587 in the firewall

3.4 Thunderbird Settings

Receiving server
Port : 143
Connection security : STARTTLS
Authentication method : Normal password

Sending server
Port : 587
Connection security : STARTTLS
Authentication method : Normal password
