Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Configuration > Archive > Let's Encrypt implementation

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Configuration  / Archive  /

Let's Encrypt implementation

Hi everyone

I've moved MDaemon from old 32-bit Win Server 2003 machine to 64-bit
server few days ago. Previously I've used self-signed certificate,
created by MDaemon itself but Let's Encrypt solution sounds better and
now I can (try to) implement it. Been reading about it yesterday and
today and I'm still not clear about couple of things.

First, my (simplified) situation is as follows:
Single MDaemon machine is handling 5 domains, via 2 public IP addresses:
domain_AAA.com (primary), domain_AAA.org, domain_BBB.com, domain_BBB.org
and domain_CCC.com
Every domain has following DNS records: "mail", "L2" and "webmail" (for
example mail.domain_AAA.com, L2.domain_AAA.com and
webmail.domain_AAA.com, mail.domain_AAA.org, L2.domain_AAA.org,
webmail.domain_AAA.org and so on).
Records "mail" and "webmail", for all domains, are pointed towards
public IP address 1, "L2" to IP address 2. Both IP addresses are put in
MX records and used for webmail access.
WorldClient is run by internal webserver (not IIS).

My questions are:
1) PowerShell script, execution policy.
KBA-1182 says "You will need to correctly set the execution policy for
PowerShell before it will allow you to run this script".
Currently execution policies are undefined, for all scopes. What would
be correctly set execution policy?

2) KBA-1182 advises running test command line before enabling Let's
Encrypt in MDaemon. Later KBA-1201 doesn't mention anything about that.
Running test line via PowerShell first sounds like a good idea. What is
the official recommendation?

3) command line (from KBA-1182) -> .\LetsEncrypt.ps1 -AlternateHostNames
mail.domain.com,imap.domain.com,wc.domain.com -To "admin@yourdomain.com"
For AlternateHostNames parametar should I enter all of the DNS records I
need, all 15 of them (minus mail.domain_AAA.com which is primary
domain's host name)?

Can wildcards be used like with 'Alternative host names' field when
creating SSL certificate in MDaemon?
For example *.domain_AAA.com, *.domain_AAA.org,... or, even better,
*.domain_AAA.*, *.domain_BBB.*...?

Also, don't know if its relevant or not, I had to move HTTPS port to
445. Port 80 is clear and used by WorldClient.

Thanks

  (older msg: 1)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Aleksandar Devecerski - Mar 14, 2019 9:56 am (#2 Total: 4)  

 

Photo of Author
Aleksandar Deve…
Newbie
Newbie
Posts: 47
I will do as you recommended, this is why I asked in the first place .

Thank you very much Arron.

Arron.Caruth@mdaemon.com - Mar 14, 2019 12:01 pm (#3 Total: 4)  

Guest User  

Photo of Author
Posts: 1

No problem, I’m glad to help.

 

Let us know if you have any other questions or if you run into any issues.


--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: arron.caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

 

From: md-configuration@mdaemon.com [mailto:md-configuration@mdaemon.com] On Behalf Of Aleksandar Devecerski (lists-md-configuration@mdaemon.com)
Sent: Thursday, March 14, 2019 9:56 AM
To: md-configuration List Member <md-configuration@mdaemon.com>
Subject: [md-configuration] Let's Encrypt implementation

 

I will do as you recommended, this is why I asked in the first place .

Thank you very much Arron.


View/reply at Let's Encrypt implementation

 
 
--MD-Configuration---------------------------------------------------
This list is for questions about the configuration of MDAEMON. To 
unsubscribe from this mailing list send an email to 
md-configuration-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-Configuration---------------------------------------------------
This list is for questions about the configuration of MDAEMON. To
unsubscribe from this mailing list send an email to
md-configuration-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Aleksandar Devecerski - Mar 15, 2019 9:52 am (#4 Total: 4)  

 

Photo of Author
Aleksandar Deve…
Newbie
Newbie
Posts: 84

MDaemon
RelayFax
SecurityPlus
WebAdmin
Certificate in place, no (major) issues.

Just in case someone else went that way, WorldClient option "HTTP
redirected to HTTPS" when using non-443 HTTPS port (although correctly
set at the firewall) generates fatal error and stops configuration
script. Repeated attempts to understand what is happening then trigger
Let's Encrypts 5 unsuccessful tries per hour limit...

Switching to "HTTP and HTTPS" or just "HTTP" resolves the issue.

Regards


On 14.03.2019 18:01, Arron Caruth (Arron.Caruth@mdaemon.com) wrote:
> No problem, I’m glad to help.
>
> Let us know if you have any other questions or if you run into any issues.
>
>
> --
> *Arron Caruth*
> Director of Product Development
> *o*: 817-601-3222 *e*: arron.caruth@mdaemon.com
>
> *M*Daemon Technologies
> *Simple Secure Email*
> Visit us on www.mdaemon.com | Facebook
> <https://www.facebook.com/MDaemon.Technologies/> | LinkedIn
> <https://www.linkedin.com/company/mdaemon-technologies> | YouTube
> <https://www.youtube.com/c/MDaemonTechnologies>
> Sent using the MDaemon Email Server <http://www.mdaemon.com/>
>
> *From:*md-configuration@mdaemon.com
> [mailto:md-configuration@mdaemon.com] *On Behalf Of *Aleksandar
> Devecerski (lists-md-configuration@mdaemon.com)
> *Sent:* Thursday, March 14, 2019 9:56 AM
> *To:* md-configuration List Member <md-configuration@mdaemon.com>
> *Subject:* [md-configuration] Let's Encrypt implementation
>
> I will do as you recommended, this is why I asked in the first place
> .
>
> Thank you very much Arron.
>
> ------------------------------------------------------------------------
>
> View/reply at Let's Encrypt implementation
> <http://lists.altn.com/WebX?13@@.59862e7f/1>
>
> --MD-Configuration---------------------------------------------------
>
> This list is for questions about the configuration of MDAEMON. To
> unsubscribe from this mailing list send an email to
> md-configuration-unsubscribe@mdaemon.com <mailto:md-configuration-unsubscribe@mdaemon.com> .
>
> --POWERED BY MDAEMON!------------------------------------------------
>
> ---------------------------------------------------------------------
>
> These forums are provided by MDaemon Technologies for user-to-user
> support and discussion.  MDaemon staff members may participate in the
> forums periodically but please recognize that this is not the official
> method of receiving technical support. To receive personal technical
> support please use the form here:
> http://www.mdaemon.com/Support/RequestSupport/
>
> ---------------------------------------------------------------------
>
> --MD-Configuration---------------------------------------------------
> This list is for questions about the configuration of MDAEMON. To
> unsubscribe from this mailing list send an email to
> md-configuration-unsubscribe@mdaemon.com .
> --POWERED BY MDAEMON!------------------------------------------------
>
> ---------------------------------------------------------------------
> These forums are provided by MDaemon Technologies for user-to-user
> support and discussion. MDaemon staff members may participate in the
> forums periodically but please recognize that this is not the official
> method of receiving technical support. To receive personal technical
> support please use the form here:
> http://www.mdaemon.com/Support/RequestSupport/
> ---------------------------------------------------------------------
>




  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.