What is the correct way to use an SSL cert for Dovecot/Postfix?

When using a self-signed cert you simply ‘copy to dovecot’/postfix, but how do you automate or set that up for a letsencrypt (or similar) cert?

You mean on creation. Virtualmin configuration has the settings,

1 Like

Is this not automated already by default? I never had to do anything for it and SSL for email always has worked fine with the letsencrypt certs?

Only one time I had to activate it due reasons on a later moment. This was just via Virtualmin → Server Configuration → SSL Certificate → Current Certificate and than click the button below: Copy SSL Certificate to services. And like that, it worked.

1 Like

Yes, correct! It is all automated by default. @Brook You don’t need to do anything else!

1 Like

Thanks everyone - anyone know which files need to be copied where?

I think I know why it’s not working. We use a script that handles the letsencrypt renewals because HAProxy handles the serving of http/s (this is because we also use docker to serve some sites). The script runs daily and then copies any renewed files to HAProxy before restarting it.

Here’s the code responsible:

  def create_combined_files
    @msgs << "Creating combined files... \n"
    @list_of_domains_requiring_renewal.each do |domain|
      fullchain = File.read("/etc/letsencrypt/live/#{domain}/fullchain.pem")
      privkey = File.read("/etc/letsencrypt/live/#{domain}/privkey.pem")
      File.open("/etc/haproxy/certs/#{domain}.pem", "w") do |f|
      @msgs << "Finished creating combined_file for #{domain}... \n"

Should I also copy the combined file to the following?


Will that be enough for Dovecot and Postfix or does it (or something else) have to be copied anywhere else as well?

You can see where Virtualmin configures SSL certificates by going to System Settings ⇾ Server Templates: SSL website for domain page.

Virtualmin writes out a file containing both the domain and CA SSL website to ssl.combined file.