I want to create a Let’s Encrypt cert for the subdomain mail.domain.com so that mail servers have a valid cert. It did not take it at first, but after creating a ServerAlias mail.domain.com in the Apache conf it worked.
I created the same server alias for hostnameofserver.domain.com but unfortunately the Let’s Encrypt cert fails with 403 or 404. All the DNS records exist.
I don’t understand why this is. It works on a Debian 7 box but not on my new Debian 8 machine.
Other bugs on Debian 8: Initial setup fails to start MySQL (this is true for all installs from many hosting companies, regardless of ISO image). It works after that for some reason.
Also, when enabling proftpd with SSL, proftpd will not work at all until you disable the SFTP module and # it out.
Also, enabling SSL with postfix adds the line:
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
Isn’t this insecure?
I removed it and changed it to:
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
This way TLS 1.2 is used.
Also, outgoing mail is not encrypted, only incoming. I added:
smtp_use_tls = yes
smtp_tls_loglevel = 1
The same is true for dovecot and proftpd, it enables SSL in whatever. I think it would be nice to use something like:
I think the automated SSL enabling and automated Let’s Encrypt certs is the coolest thing ever! But I think it should be a bit more complete out of the box concerning protocols & ciphers.
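
An added example, not part of the original post: a small Python audit of the Postfix protocol lists quoted above, reporting which legacy protocols each setting still permits. It models only the include/exclude list syntax (not the >= bound form of newer Postfix releases); the function names and the two sample configs are constructed here from the lines in the post.

```python
import re

# Protocol names Postfix accepts; what is really negotiated also depends on the OpenSSL build.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PARAMS = ("smtpd_tls_mandatory_protocols", "smtpd_tls_protocols",
          "smtp_tls_mandatory_protocols", "smtp_tls_protocols")

def read_params(text):
    """Parse main.cf text: skip comments, join continuation lines, last value wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # indented line continues the previous one
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def effective_protocols(value):
    """Resolve an include/exclude list to the protocols it leaves enabled."""
    tokens = [t for t in re.split(r"[\s,:]+", value) if t]
    include = [t for t in tokens if not t.startswith("!")]
    exclude = {t[1:] for t in tokens if t.startswith("!")}
    unknown = (set(include) | exclude) - set(KNOWN)
    if unknown:
        raise ValueError(f"unsupported protocol token(s): {sorted(unknown)}")
    base = include or KNOWN                   # no inclusions means "all, minus exclusions"
    return [p for p in KNOWN if p in base and p not in exclude]

def audit(text):
    """Map each protocol parameter present to the legacy protocols it still allows."""
    params = read_params(text)
    return {p: [x for x in effective_protocols(params[p]) if x in LEGACY]
            for p in PARAMS if p in params}

# Constructed samples: the generated line and the edited lines quoted in the post.
GENERATED = "smtpd_tls_mandatory_protocols = SSLv3, TLSv1\n"
EDITED = ("smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1\n"
          "smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1\n")

if __name__ == "__main__":
    for label, cfg in (("generated", GENERATED), ("edited", EDITED)):
        print(label, audit(cfg))
```

An empty list for a parameter means no legacy protocol remains enabled by that setting; a parameter missing from the result was not set in the file at all.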