Letsencrypt dns-linode-credentials multidomain with wildcard install-cert for web, dovecot and postfix script

System hostname: debian.members.linode.com
Operating system: Debian Linux 10
Webmin version: 1.973
Usermin version: 1.823
Virtualmin version: 6.16 Pro
Authentic theme version: 19.73
Time on system: Friday, August 20, 2021 7:47 PM
Kernel and CPU: Linux 5.13.4-x86_64-6 on x86_64

For years I’ve been wrestling with various failure modes arising from what should be a simple requirement:

Get Letsencrypt working with everything on my server without a lot of manual intervention.

By “everything” I mean, of course, web and mail (incoming and outgoing).

Wildcards for subdomains make it so I don’t have to request a new certificate every time I add a new subdomain to one of my hosted domains.

Also I ended up needing to use a DNS provider – my hosting provider’s – so I ended up needing to use their TXT record plugin for certbot (certbot/dns-linode).

Finally, since all the various moving parts made aligning versions of software virtually impossible without a lot of hassle I ended up going to a docker image for certbot. The resulting script follows for obtaining an initial certificate for all of my domains:

#!/bin/sh -x
# Resorting to the docker image for certbot/dns-linode since version alignment between various packages is such a nightmare that things keep breaking.
# The bind mounts share the Linode API token, the certbot config/state directories and the log directory with the container,
# so the issued certificates land in /etc/letsencrypt on the host where the deploy hook expects them.
docker run -a=STDERR -a=STDOUT -it --rm --name certbot \
            -v "/root/.linode_api:/root/.linode_api" \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/var/log:/var/log" \
            certbot/dns-linode certonly --dns-linode-propagation-seconds 400 --dns-linode-credentials /root/.linode_api/certbot --dns-linode \
            -d fairchurch.org ... -d delegate.network \
            -d '*.fairchurch.org' ... -d '*.delegate.network'
# The wildcard names are single-quoted so the host shell does not glob-expand them before docker sees them.

Then, I use ‘install-cert’ to deploy in the script ‘/etc/letsencrypt/renewal-hooks/deploy/copytodomains’:

#!/bin/bash

set -e

# certbot exports RENEWED_DOMAINS (all names on the certificate) and RENEWED_LINEAGE
# (the live/ directory of the certificate) when it runs a deploy hook.
for domain in $RENEWED_DOMAINS; do
        # Wildcard entries have no Virtualmin server of their own; the apex entry covers them.
        if [[ ! $domain =~ ^\* ]]; then
                # Install leaf, key and the intermediate chain (--ca); without the chain
                # mail clients cannot build a path to the root even when the web server works.
                virtualmin install-cert --domain "$domain" \
                        --cert "$RENEWED_LINEAGE/cert.pem" \
                        --key "$RENEWED_LINEAGE/privkey.pem" \
                        --ca "$RENEWED_LINEAGE/chain.pem"
        fi
done

This seems to work fine for my websites but I am rarely able to get mail to work with my domains. I thought install-cert would do that for dovecot and postfix by copying the required files for each domain, but apparently not.

What is available, other than install-cert, to get things working for each of my domains' email? Or should that work if dovecot and postfix are properly configured?
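A way to answer the "is it actually deployed to mail?" question from the deploy hook itself, as an added example that is not part of the original post or of Virtualmin's own tooling: after `install-cert` runs, the hook compares the SHA-256 fingerprint of the renewed leaf certificate with the certificate each service (HTTPS, SMTP via STARTTLS, IMAP via STARTTLS) presents when probed with SNI for that domain. It assumes `openssl` is installed on the host, that `virtualmin install-cert` accepts `--ca` for the chain file, that the mail services answer on the domain name itself (if your MX points at a separate mail host, probe that name instead), and that five seconds is enough for the services to reload after installation. The script only runs its install/verify path when certbot has set `RENEWED_LINEAGE`, so it can be sourced or tested without touching anything.

```shell
#!/bin/bash
# Hypothetical deploy hook, e.g. /etc/letsencrypt/renewal-hooks/deploy/copytodomains
set -eu

# Print the non-wildcard names from a space-separated list such as certbot's
# $RENEWED_DOMAINS, one per line. Wildcard entries are covered by their apex.
install_targets() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -v '^\*\.' || true
}

# SHA-256 fingerprint of the first certificate in a PEM file, lowercase hex, no colons.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 \
        | sed 's/^.*=//; s/://g' | tr 'A-F' 'a-f'
}

# Fingerprint of the leaf certificate a live service presents.
# $1 host, $2 port, $3 optional STARTTLS protocol (smtp, imap) for plaintext ports.
served_fingerprint() {
    host=$1; port=$2; starttls=${3:-}
    opts="-connect $host:$port -servername $host"
    [ -n "$starttls" ] && opts="$opts -starttls $starttls"
    openssl s_client $opts </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null \
        | sed 's/^.*=//; s/://g' | tr 'A-F' 'a-f'
}

# Compare what a service serves with what the lineage holds and print a verdict.
# $1 label, $2 expected fingerprint, $3 host, $4 port, $5 optional STARTTLS protocol
check_service() {
    actual=$(served_fingerprint "$3" "$4" "${5:-}")
    [ -n "$actual" ] || actual="no-certificate-or-unreachable"
    if [ "$actual" = "$2" ]; then
        echo "OK   $1 on $3:$4 serves the renewed certificate"
    else
        echo "FAIL $1 on $3:$4 serves $actual (expected $2)"
        return 1
    fi
}

main() {
    expected=$(pem_fingerprint "$RENEWED_LINEAGE/cert.pem")
    status=0
    for domain in $(install_targets "$RENEWED_DOMAINS"); do
        # Leaf, key and intermediate chain; the chain is what mail clients need
        # to validate the certificate (assumes --ca is accepted by install-cert).
        virtualmin install-cert --domain "$domain" \
            --cert "$RENEWED_LINEAGE/cert.pem" \
            --key "$RENEWED_LINEAGE/privkey.pem" \
            --ca "$RENEWED_LINEAGE/chain.pem"
    done
    sleep 5   # assumed long enough for Apache, Postfix and Dovecot to reload
    for domain in $(install_targets "$RENEWED_DOMAINS"); do
        check_service https "$expected" "$domain" 443      || status=1
        check_service smtp  "$expected" "$domain" 25  smtp || status=1
        check_service imap  "$expected" "$domain" 143 imap || status=1
    done
    exit "$status"
}

# certbot exports RENEWED_LINEAGE only when invoking a deploy hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    main
fi
```

A non-zero exit from the hook shows up in certbot's output and log, so a renewal that reached the web server but not Postfix or Dovecot becomes visible at renewal time instead of when a mail client starts complaining. Mismatches on 25 or 143 with a match on 443 point at the Virtualmin mail-certificate settings for that server rather than at the certificate itself.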
