Page MenuHomeDevCentral

Deploy renewed SSL certificate for mail.nasqueron.org to the mail server LXC container
Closed, ResolvedPublic

Event Timeline

dereckson claimed this task.Apr 28 2016, 21:39
dereckson added a subscriber: dereckson.
dereckson triaged this task as High priority.May 30 2016, 14:31
dereckson added projects: Servers, Mail.
dereckson renamed this task from renew SSL certificate for mail.nasqueron.org to Deploy renewed SSL certificate for mail.nasqueron.org to the mail server LXC container.May 31 2016, 17:10
dereckson raised the priority of this task from High to Unbreak Now!.May 31 2016, 20:52
dereckson closed this task as Resolved.May 31 2016, 21:19

Installation

Dwellers
$ cp /data/letsencrypt/etc/archive/mail.nasqueron.org-0001/fullchain1.pem /var/lib/lxc/mailserver/rootfs/etc/ssl/certs/mailserver.crt
$ cp /data/letsencrypt/etc/archive/mail.nasqueron.org-0001/privkey1.pem /var/lib/lxc/mailserver/rootfs/etc/ssl/private/mailserver.key

That doesn't need any Postfix restart.

Test

Local workstation
$ SERVERNAME=mail.nasqueron.org
$ printf 'quit\n' | openssl s_client -connect $SERVERNAME:25 -starttls smtp | openssl x509 -enddate -noout
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 C = BE, CN = mail.nasqueron.org, emailAddress = sebastien.santoro@trantorium.com
verify error:num=10:certificate has expired
notAfter=May 28 06:07:19 2016 GMT
verify return:1
depth=0 C = BE, CN = mail.nasqueron.org, emailAddress = sebastien.santoro@trantorium.com
notAfter=May 28 06:07:19 2016 GMT
verify return:1
250 DSN
DONE
notAfter=May 28 06:07:19 2016 GMT
$ printf 'quit\n' | openssl s_client -connect $SERVERNAME:25 -starttls smtp | openssl x509 -enddate -noout
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mail.nasqueron.org
verify return:1
250 DSN
DONE
notAfter=Aug 19 12:17:00 2016 GMT