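Using Your Own SSL Certificate with mailcow (Part 2)

This is the second tutorial in the series on self-hosting a mail server with mailcow. For transport security the mail server needs TLS/SSL encryption enabled, and that requires an SSL certificate.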

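Automatic SSL certificate issuance in mailcow

Once deployed, mailcow automatically requests an SSL certificate via ACME, but only if you use the default web port 80 (required for Let's Encrypt validation). With a non-default port the request cannot succeed. Other causes (such as network problems) can also make the request fail.

Because 磊大 does not use the default port 80, mailcow's automatic certificate issuance is not available. We can instead obtain an SSL certificate ourselves and deploy it to mailcow, which is more reliable.

Obtaining an SSL certificate

As mentioned in the previous article, if your hostname is set to mail.domain.com, you must request the SSL certificate for that same name (note that this is the subdomain, not the top-level domain). This article does not cover the application process in detail. Tencent Cloud and Alibaba Cloud both currently offer free DV SSL certificates; for reference, see: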

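Using your own SSL certificate

磊大 uses a free SSL certificate from Tencent Cloud. After it is issued, download it in the Nginx format and save it locally. The download should contain 4 files, but we only need the two that end in .crt and .key.

Rename the .crt file to cert.pem and the .key file to key.pem, then upload both to the data/assets/ssl directory under the mailcow directory, replacing the existing files.

Note: you can back up the original files before replacing them. Also, do not use symbolic links.

Then edit the mailcow.conf configuration file and change: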

SKIP_LETS_ENCRYPT=n

to

SKIP_LETS_ENCRYPT=y

Finally, restart the 3 affected containers:

docker restart $(docker ps -qaf name=postfix-mailcow)
docker restart $(docker ps -qaf name=nginx-mailcow)
docker restart $(docker ps -qaf name=dovecot-mailcow)
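
Before restarting the containers, it is worth confirming that the uploaded files are regular files, that cert.pem and key.pem belong together, and that the certificate is unexpired and valid for the mail hostname. The script below is an added example, not part of the original article or of mailcow; the function name, the return codes and the `<mailcow-dir>` placeholder are assumptions, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-restart check for a custom mailcow certificate.
# Usage (path is a placeholder):
#   sh check_cert.sh <mailcow-dir>/data/assets/ssl mail.domain.com
# Return codes (chosen for this example): 0 ok, 1 file problem,
# 2 key mismatch, 3 expiry, 4 hostname mismatch.

check_mailcow_cert() {
    dir=$1 host=$2
    cert="$dir/cert.pem" key="$dir/key.pem"

    # The article warns against symlinks: require regular files.
    for f in "$cert" "$key"; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL: $f is missing or is a symlink" >&2; return 1
        fi
    done

    # Certificate and private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: cert.pem and key.pem do not match" >&2; return 2
    fi

    # Reject a certificate that is expired or expires within 24 hours.
    if ! openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null; then
        echo "FAIL: certificate expired or expiring within 24h" >&2; return 3
    fi

    # The certificate must be valid for the mail hostname (SAN or CN).
    # openssl prints "does match" or "does NOT match" for -checkhost.
    if ! openssl x509 -in "$cert" -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $host" >&2; return 4
    fi

    echo "OK: $cert is usable for $host"
}

# Run the check when the script is called with both arguments.
if [ "$#" -eq 2 ]; then
    check_mailcow_cert "$1" "$2"
fi
```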

Verification

Run the commands below to view the SSL certificate and verify that it is valid:

# Verify the SMTP TLS port
echo "Q" | openssl s_client -starttls smtp -crlf -connect mail.domain.com:587
# Verify the IMAP port
echo "Q" | openssl s_client -starttls imap -showcerts -connect mail.domain.com:143
# Verify HTTPS
echo "Q" | openssl s_client -connect mail.domain.com:443

Note: replace mail.domain.com with your own domain.
