
Oracle Linux 8.8: SSL Certificate Acquisition (Let's Encrypt), Web/Mail Server SSL

1. SSL Certificate Acquisition (Let's Encrypt)

Install the latest openssl

1.1 Certificate Installation

Registering an e-mail address and agreeing to the terms of use are required the first time only.
Specify an email address to receive

If "Successfully received certificate." is displayed, the acquisition succeeded.
The following certificate files are obtained under [/etc/letsencrypt/live/<FQDN>], as described in the message:
cert.pem ⇒ SSL server certificate (including public key)
chain.pem ⇒ intermediate certificate
fullchain.pem ⇒ File containing cert.pem and chain.pem combined
privkey.pem ⇒ private key
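
The file layout listed above can be verified before the web and mail servers are pointed at it. The following Python script is an added example, not part of the original page or of any Let's Encrypt tool; the function names are hypothetical, and the sample files it writes are constructed placeholders, not real certificates or keys.

```python
import base64, os, re, stat, tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_blocks(path):
    """Return [(label, decoded_bytes), ...] for each PEM block in a file."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_RE.findall(Path(path).read_text())]

def check_live_dir(live_dir):
    """Return a list of problems found in a live/<FQDN> directory."""
    d, problems = Path(live_dir), []
    names = ("cert.pem", "chain.pem", "fullchain.pem", "privkey.pem")
    missing = [n for n in names if not (d / n).is_file()]
    if missing:
        return ["missing: " + ", ".join(missing)]
    cert, chain, full, key = (pem_blocks(d / n) for n in names)
    if len(cert) != 1 or cert[0][0] != "CERTIFICATE":
        problems.append("cert.pem must hold exactly one CERTIFICATE block")
    if full != cert + chain:
        problems.append("fullchain.pem is not cert.pem followed by chain.pem")
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        problems.append("privkey.pem must hold exactly one private key block")
    # os.stat follows symlinks, so a symlinked privkey.pem is checked at its target
    if stat.S_IMODE(os.stat(d / "privkey.pem").st_mode) & 0o077:
        problems.append("privkey.pem is accessible by group or others")
    return problems

def make_sample(dirpath, key_mode=0o600, swap=False):
    """Write constructed placeholder PEM files (not real certificates or keys)."""
    def pem(label, data):
        b64 = base64.b64encode(data).decode()
        return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"
    leaf = pem("CERTIFICATE", b"constructed leaf")
    inter = pem("CERTIFICATE", b"constructed intermediate")
    files = {"cert.pem": leaf, "chain.pem": inter,
             "fullchain.pem": inter + leaf if swap else leaf + inter,
             "privkey.pem": pem("PRIVATE KEY", b"constructed key")}
    for name, text in files.items():
        (Path(dirpath) / name).write_text(text)
    os.chmod(Path(dirpath) / "privkey.pem", key_mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(check_live_dir(tmp) or "layout OK")
```

To check a real directory, call check_live_dir("/etc/letsencrypt/live/<FQDN>") as root; an empty list means the four files match the description above and the private key is not accessible by group or others.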



※ Obtaining a Let's Encrypt certificate when the web server is not running
The server on which the work is performed must be accessible from the Internet on port 80.

Use the built-in simple web server function by specifying [--standalone].
# -d [FQDN for which you want to obtain a certificate]
# FQDN (Fully Qualified Domain Name): the complete host name, with no part of the domain name omitted
# If there are multiple FQDNs for which you want to obtain certificates, specify -d [FQDN for which you want to obtain a certificate] once for each

Renewing certificates already obtained
# Renew all certificates with less than 30 days remaining before expiration
# To renew regardless of the number of days remaining before expiration, also specify [--force-renewal]

1.2 Automatic renewal of certificates (Let's Encrypt)

① Pre-registration testing
First, test the automatic renewal using the --dry-run option as follows.
With this option, certificates are only checked, not renewed, so there is no need to worry about hitting the limit on the number of times a certificate can be obtained.

② Using Systemd Timer

2. Converting Apache to https

Install the following

2.1 Edit ssl.conf file

Restart Apache.

Allow https in Firewall

2.2 Redirect HTTP to HTTPS

Create .htaccess under /var/www/html/<FQDN>/.

Contents of .htaccess

3. SSL/TLS (Let's Encrypt) settings on the mail server

3.1 Obtaining a certificate for the mail server

Obtain a certificate for the mail server. It cannot be obtained in the same way as above, and the following attempt with the "--standalone" option fails.

If I stop the web server and then do it, it succeeds as follows

3.2 Postfix Configuration

3.3 Dovecot Settings

Allow Port 587 in firewall

3.4 Thunderbird Settings

Receiving server
Port  :  143
Connection security   :  STARTTLS
Authentication method  :  Normal password

Sending server
Port   :  587
Connection security   :  STARTTLS
Authentication method  :  Normal password
