2 Commits
eb5c71968a
...
fbb2cf38ae
Author | SHA1 | Date | |
---|---|---|---|
fbb2cf38ae | |||
4df53ce247 |
14
Pipfile.lock
generated
14
Pipfile.lock
generated
@ -18,20 +18,20 @@
|
||||
"default": {
|
||||
"aiosmtpd": {
|
||||
"hashes": [
|
||||
"sha256:f821fe424b703b2ea391dc2df11d89d2afd728af27393e13cf1a3530f19fdc5e",
|
||||
"sha256:f9243b7dfe00aaf567da8728d891752426b51392174a34d2cf5c18053b63dcbc"
|
||||
"sha256:78d7b14f859ad0e6de252b47f9cf1ca6f1c82a8b0f10a9e39bec7e915a6aa5fe",
|
||||
"sha256:a196922f1903e54c4d37c53415b7613056d39e2b1e8249f324b9ee7a439be0f1"
|
||||
],
|
||||
"index": "pypi",
|
||||
"markers": "python_version ~= '3.7'",
|
||||
"version": "==1.4.4.post2"
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==1.4.5"
|
||||
},
|
||||
"atpublic": {
|
||||
"hashes": [
|
||||
"sha256:0f40433219e124edf115c6c363808ca6f0e1cfa7d160d86b2fb94793086d1294",
|
||||
"sha256:80057c55641253b86dcb68b524f82328172371b6547d4c7462a9127fbfbbabfc"
|
||||
"sha256:d1c8cd931af7461f6d18bc6063383e8654d9e9ef19d58ee6dc01e8515bbf55df",
|
||||
"sha256:df90de1162b1a941ee486f484691dc7c33123ee638ea5d6ca604061306e0fdde"
|
||||
],
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==4.0"
|
||||
"version": "==4.1.0"
|
||||
},
|
||||
"attrs": {
|
||||
"hashes": [
|
||||
|
@ -81,15 +81,16 @@ systemctl status mail4one
|
||||
Above command should fail as the TLS certificates don't exist yet.
|
||||
|
||||
## Setup TLS certificates
|
||||
Install [certbot](https://certbot.eff.org/) and run below command. Follow instructions to create TLS certificates. Usually you want certificate for domain name like `mail.example.com`
|
||||
Install [certbot](https://certbot.eff.org/) and run below command. Follow instructions to create TLS certificates. Usually you want certificate for domain name like `mail.mydomain.com`
|
||||
```sh
|
||||
sudo certbot certonly
|
||||
sudo cp /etc/letsencrypt/live/mail.example.com/{fullchain,privkey}.pem /var/lib/mail4one/certs/
|
||||
sudo chown mail4one:mail4one /var/lib/mail4one/certs/{fullchain,privkey}.pem
|
||||
|
||||
# Edit mail4one_cert_copy.sh to update your domain name
|
||||
# **Edit** mail4one_cert_copy.sh to update your domain name
|
||||
sudo cp mail4one_cert_copy.sh /etc/letsencrypt/renewal-hooks/deploy/
|
||||
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/mail4one_cert_copy.sh
|
||||
|
||||
# This will create and copy the certificates to the right path with correct permissions and ownership
|
||||
sudo certbot certonly -d mail.mydomain.com --run-deploy-hooks --dry-run
|
||||
```
|
||||
## Restart service and check logs
|
||||
```sh
|
||||
@ -109,6 +110,6 @@ python3 -m http.server 25
|
||||
In local machine or a browser
|
||||
You should see file listing a, b, c. Repeat for port 465, 995 to make sure firewall rules and dns is working
|
||||
```sh
|
||||
curl http://mail.example.com:25
|
||||
curl http://mail.mydomain.com:25
|
||||
```
|
||||
If not working, refer to VPS settings and OS firewall settings.
|
||||
|
@ -7,13 +7,21 @@
|
||||
# This file is supposed to be copied to /etc/letsencrypt/renewal-hooks/deploy/
|
||||
# Change the mail domain to the one on MX record
|
||||
|
||||
set -eu
|
||||
|
||||
if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ]
|
||||
then
|
||||
mkdir -p /var/lib/mail4one/certs
|
||||
chmod 750 /var/lib/mail4one/certs
|
||||
chown mail4one:mail4one /var/lib/mail4one/certs
|
||||
cp "$RENEWED_LINEAGE/fullchain.pem" /var/lib/mail4one/certs/
|
||||
cp "$RENEWED_LINEAGE/privkey.pem" /var/lib/mail4one/certs/
|
||||
systemctl restart mail4one.service
|
||||
echo "$(date) Renewed and deployed certificates for mail4one" >> /var/log/mail4one-cert-renew.log
|
||||
app=mail4one
|
||||
appuser=$app
|
||||
certpath="/var/lib/$app/certs"
|
||||
|
||||
mkdir -p "$certpath"
|
||||
chmod 750 "$certpath"
|
||||
|
||||
chown $appuser:$appuser "$certpath"
|
||||
install -o "$appuser" -g "$appuser" -m 444 "$RENEWED_LINEAGE/fullchain.pem" -t "$certpath"
|
||||
install -o "$appuser" -g "$appuser" -m 400 "$RENEWED_LINEAGE/privkey.pem" -t "$certpath"
|
||||
|
||||
systemctl restart $app.service
|
||||
echo "$(date) Renewed and deployed certificates for $app" >> /var/log/cert-renew.log
|
||||
fi
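Review bot: The guard `if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ]` at the top of this hunk matches only when the renewed certificate covers exactly that one name; certbot sets RENEWED_DOMAINS to a space-separated list, so a certificate with any additional name skips the whole block and mail4one keeps serving the old certificate with nothing written to the log. A membership test handles both cases, for example `case " $RENEWED_DOMAINS " in *" mail.mydomain.com "*) ;; *) exit 0 ;; esac` placed before the deploy steps. In the lines that appear to be added (the +/- markers are lost on this page, so this is inferred from the `-7,13 +7,21` counts), `chown $appuser:$appuser` and `systemctl restart $app.service` are the only unquoted expansions; `chown "$appuser:$appuser" "$certpath"` and `systemctl restart "$app.service"` would match the quoting already used on the `install` lines. The script begins above line 7, outside the hunk.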
|
||||
|
@ -1,5 +1,5 @@
|
||||
-i https://pypi.org/simple
|
||||
aiosmtpd==1.4.4.post2; python_version ~= '3.7'
|
||||
atpublic==4.0; python_version >= '3.8'
|
||||
aiosmtpd==1.4.5; python_version >= '3.8'
|
||||
atpublic==4.1.0; python_version >= '3.8'
|
||||
attrs==23.2.0; python_version >= '3.7'
|
||||
python-jata==1.2; python_version >= '3.8'
|
||||
|