
Oracle Linux 8.6: Apache, Mail Server SSL/TLS (Let's Encrypt)

1. Obtain SSL Certificate (Let's Encrypt)

Install the latest OpenSSL

1.1 Certificate Installation

# Registering an e-mail address and agreeing to the terms of use are required the first time only.
# Specify an email address to receive

Success if "Successfully received certificate." is displayed
# The following certificate files are stored under [/etc/letsencrypt/live/<FQDN>/], as described in the message
# cert.pem ⇒ SSL server certificate (including public key)
# chain.pem ⇒ intermediate certificate
# fullchain.pem ⇒ File containing cert.pem and chain.pem combined
# privkey.pem ⇒ private key

※ Obtaining a Let's Encrypt certificate when the web server is not running

The server on which you perform this work must be reachable from the Internet on port 80.

# Use certbot's simple built-in web server by specifying [--standalone].
# -d [FQDN for which you want to obtain a certificate]
# FQDN (Fully Qualified Domain Name): host name plus domain name, written without abbreviation
# To obtain certificates for multiple FQDNs, specify -d [FQDN for which you want to obtain a certificate] once for each

Renewing certificates already obtained
# Renew all certificates that have fewer than 30 days left before expiration
# To renew regardless of the number of days remaining, also specify [--force-renewal]
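
The following sh script is an added example, not part of the original page: it checks the four files listed in 1.1 (the key matches the certificate, fullchain.pem equals cert.pem plus chain.pem, privkey.pem is not readable by group or others) and whether the certificate is inside the 30-day renewal window. It assumes the openssl CLI is installed; the function names and the throwaway self-signed lineage built by make_demo_lineage are constructed for illustration.

```sh
# Added example, not from the original page: checks one certbot lineage directory.
# Assumes the openssl CLI and the four file names listed in section 1.1.
RENEW_WINDOW_DAYS=30   # renewal threshold stated on this page

# True when privkey.pem holds the key for cert.pem (same public key).
key_matches_cert() {   # $1 = cert.pem  $2 = privkey.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when fullchain.pem is cert.pem followed by chain.pem (blank lines ignored).
fullchain_is_consistent() {   # $1 = lineage directory
    [ -s "$1/fullchain.pem" ] &&
    [ "$(cat "$1/cert.pem" "$1/chain.pem" | grep -v '^$')" = "$(grep -v '^$' "$1/fullchain.pem")" ]
}

# True when group and others have no access to the key (-L follows the live/ symlink).
key_is_private() {   # $1 = privkey.pem
    case "$(ls -lL "$1")" in ????------*) return 0 ;; *) return 1 ;; esac
}

# True when the certificate is still valid $2 days from now.
valid_for_days() {   # $1 = cert.pem  $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print each failed check; the return status is the number of failures.
check_lineage() {   # $1 = e.g. /etc/letsencrypt/live/<FQDN>
    fails=0
    key_matches_cert "$1/cert.pem" "$1/privkey.pem" || { echo "FAIL key does not match cert"; fails=$((fails+1)); }
    fullchain_is_consistent "$1" || { echo "FAIL fullchain != cert + chain"; fails=$((fails+1)); }
    key_is_private "$1/privkey.pem" || { echo "FAIL privkey.pem open to group/others"; fails=$((fails+1)); }
    valid_for_days "$1/cert.pem" "$RENEW_WINDOW_DAYS" || { echo "FAIL expires within $RENEW_WINDOW_DAYS days"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK $1"
    return "$fails"
}

# Constructed sample input: a throwaway self-signed lineage (not a real Let's Encrypt one).
make_demo_lineage() {   # $1 = empty directory  $2 = validity in days
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=mail.example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
    cp "$1/cert.pem" "$1/chain.pem" &&   # stand-in for the intermediate certificate
    cat "$1/cert.pem" "$1/chain.pem" > "$1/fullchain.pem" &&
    chmod 600 "$1/privkey.pem"
}

# Usage: sh check_lineage.sh /etc/letsencrypt/live/<FQDN>
if [ "$#" -ge 1 ]; then check_lineage "$1"; fi
```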

1.2 Automatic renewal of certificates (Let's Encrypt)

① Pre-registration testing
First, test automatic renewal using the --dry-run option as follows.
With this option, certificates are only checked, not renewed, so the test does not count against the limit on the number of times a certificate can be obtained.

② Using a systemd timer

2. Converting Apache to https

Install the following

2.1 Edit ssl.conf file

Restart Apache.
Allow https in the firewall

2.2 Redirect HTTP to HTTPS

Create .htaccess under /var/www/html/<FQDN>/.
Contents of .htaccess

3. SSL/TLS (Let's Encrypt) settings on the mail server

3.1 Obtaining a certificate for the mail server

Obtain a certificate for the mail server. It cannot be obtained in the same way as above, and the following command with the "--standalone" option fails.

Stopping the web server first, so that port 80 is free for certbot's standalone web server, makes it succeed as follows

3.2 Postfix Configuration

3.3 Dovecot Settings

Allow port 587 in the firewall

3.4 Thunderbird Settings

Receiving server
Port  :  143
Connection security   :  STARTTLS
Authentication method  :  Normal password
Sending server
Port   :  587
Connection security   :  STARTTLS
Authentication method  :  Normal password