efa-project.org

Say for example from startssl.com?
And where are they all being used?

i.e.
- apache2
- postfix
- anywhere else?

anywhere else?
How about a GUI where we can copy/paste our certificate/key and save it for EFa to use?

Or maybe is a solution using letsencrypt coming "soonish" ? => viewtopic.php?t=1480

That's it, just postfix and apache.

OK, cool, thanks for confirming. I can manually handle those two, maybe but a GUI solution into your feature-suggestions list

What is the procedure for this? Linux noob here...

Do I just replace the .crt files? What about if I have intermediate certificates from the author? What is the path for Postfix and Apache certs?

Thanks for any help! Appreciate EFA!

sorry missed this, look into: /etc/postfix/main.cf and find for whatever reason, smtpd_tls_CAfile is in there twice.

for apache I couldn't find the configs so I looked into webmin and it lists:

Certificate/private key file: /etc/pki/tls/certs/localhost.crt
Private key file: /etc/pki/tls/private/localhost.key

maybe someone can confirm this is correct.

I've just implemented a certificate from letsencrypt via acme.sh and here are my steps adapted from another forum. Original thread is here: https://www.howtoforge.com/community/th ... 097/page-2 I am not claiming any originality.

1. Login as root on your server
2. Go to a dir where you want to clone to (I like /usr/local/src) and clone the repo: 3. Got into the dir an install it. There's a simple install command but I'd prefer to provide a few more options. Find all options here: https://github.com/Neilpang/acme.sh/wik ... stallation. --certhome is where acme.sh saves the certs to
--accountemail is the email used to register the account to LE
The installation performs 3 actions:
a. create and copy the acme.sh into the given home dir
b. create alias for acme.sh
c. create everyday cron to check if renew is needed - check your crontab, cron will look like this: to edit type: crontab -e
4. Issue a cert 5. Install cert and reload/restart services 6. Open Webmin and go to Servers => Apache Web Server => Existing Virtual Hosts and edit the one listening on port 443.
Select: SSl Options and adjust the paths for Certificate/private key file to the crt file /etc/pki/tls/certs/efa.domain.tld.crt and Private key file to /etc/pki/tls/private/efa.domain.tld.key then Certificate authorities file to /etc/pki/tls/certs/efa.domain.tld.bundle
7. Reload apache 8. Setup Auto-Upgrade To edit Webmin certificate:
Go to EFA => Dashboard => TOOLS => Webmin => Webmin => Webmin configuration => SSL Encryption => SSL Settings
Private key file: /etc/pki/tls/private/efa.domain.tld.key
Certificate file => separate file: /etc/pki/tls/certs/efa.domain.tld.crt

Save, reload, done.

I just realized that webmin has a LETSENCRYPT tab which could possibly do this automatically?
Anyone want to have a look and give some feedback?
Go to EFA => Dashboard => TOOLS => Webmin => Webmin => Webmin configuration => SSL Encryption => SSL Settings => Let's Encrypt

For postfix simply edit /etc/postfix/main.cf to look like this: reload postfix: /etc/init.d/postfix reload

You can do it all in Webmin for the GUI minded users.. I wrote up a quick how-to about how I did it.. Hope it helps someone

Goto Webmin (usually https://<address>:10000)
In the console open Webmin - Webmin Configuration - SSL Encryption and click Certificate Signing Request tab.

Fill in the servername FQDN (ie efa-3.domain.lan), Organization, Country code, etc. and click Create Now
Copy the CSR text into a text file and send it to your CA. If all is well you should receive a certificate file in return.
Copy the text inside the resulting certificate file into your clipboard.
In the SSL Encryption part of Webmin click the Upload Certificate tab and paste the text in the Certificate text box and select "Entered below"
If your CA also requires you to install intermediate certificates you should copy and paste the text of that certificate into the "Chained Certificate text" and enable the "Entered below" for that option. I didn't have to do that as I used my own CA to generate the certificate.
When you press "Save" it will tell you where it saved the key and certificate files.
For instance: "The supplied SSL key has been saved in /etc/webmin/miniserv.pem, and the certificate in /etc/webmin/miniserv.cert." Remember/copy these locations for the next part!

Goto Servers-Apache Webserver. Select the Virtual server with port 443 in the Existing Virtual hosts tab. Select SSL Options.
Using the example above: put /etc/webmin/miniserv.cert in the Certificate/private key box. Put /etc/webmin/miniserv.pem in the Private Key file box. Replace these values with the ones from the previous step.
Go back to Servers - Apache Webserver and click Apply changes (upper-right corner)

Check your website on HTTPS and check the certificate, it should display (and use) the newly added certificate.

ps. I only did this for Apache, but if you need the same in Postfix it probably requires the same steps but using Servers - Postfix - SMTP Authentication and Encryption instead.