https://github.com/hlandau/acme/releases
Got some ideas from here (credit goes to Teranus): http://www.easyscp.net/forum/index.php/Thread/1265-Certificates-via-acmetool-on-EasySCP/
Follow the instructions, but don't simply copy them:
# Download a **non_cgo** tar.gz into /usr/local/
$ cd /usr/local
$ wget https://github.com/hlandau/acme/releases/download/v0.0.67/acmetool-v0.0.67-linux_amd64.tar.gz
# extract the archive
$ tar xzf acmetool-v0.0.67-linux_amd64.tar.gz
# copy the binary to its place
$ cp -ar ./acmetool-v0.0.67-linux_amd64/bin/acmetool /usr/local/sbin/
# create the man folder and copy the manual to its place
$ mkdir -p /usr/local/share/man/man8
$ cp -ar ./acmetool-v0.0.67-linux_amd64/doc/acmetool.8 /usr/local/share/man/man8
# do the quickstart
$ acmetool quickstart
# Choose WEBROOT
# Declare and create /var/www/easyscp/gui/tools/.well-known/acme-challenge
$ mkdir -p /var/www/easyscp/gui/tools/.well-known/acme-challenge
$ chown vu2000:vu2000 /var/www/easyscp/gui/tools/.well-known -R
# prepare Apache to serve the verification folder for all domains
$ echo 'Alias /.well-known /var/www/easyscp/gui/tools/.well-known' > /etc/apache2/conf.d/acme.conf
$ apache2ctl graceful
# prepare combined PEM file creation
$ echo 'HAPROXY_ALWAYS_GENERATE=yes' > /etc/default/acme-reload
# create the first certificate
$ acmetool want ${YOUR FIRST DOMAIN}
Create /etc/apache2/conf.d/hard-ssl.conf:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLHonorCipherOrder on
Edit /etc/apache2/ports.conf, and add NameVirtualHost *:443 within the IfModule blocks:
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
NameVirtualHost *:443
Listen 443
</IfModule>
Copy your complete VirtualHost block, place it into an <IfModule mod_ssl.c> block, and change the port from :80 to :443:
<IfModule mod_ssl.c>
<VirtualHost *:443>
...
</VirtualHost>
</IfModule>
Add the following lines inside the VirtualHost block:
SSLEngine on
SSLCertificateFile /var/lib/acme/live/${YOUR FIRST DOMAIN}/cert
SSLCertificateKeyFile /var/lib/acme/live/${YOUR FIRST DOMAIN}/privkey
SSLCertificateChainFile /var/lib/acme/live/${YOUR FIRST DOMAIN}/chain
After everything is configured, enable Apache's SSL module, test the config, and restart Apache:
$ a2enmod ssl
$ apache2ctl configtest
$ service apache2 restart
Configuration in /etc/dovecot/conf.d/10-ssl.conf:
ssl = yes
ssl_cert = </var/lib/acme/live/${YOUR FIRST DOMAIN}/fullchain
ssl_key = </var/lib/acme/live/${YOUR FIRST DOMAIN}/privkey
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
After configuration:
# restart dovecot
$ /etc/init.d/dovecot restart
In main.cf, change the cert and key:
smtpd_tls_cert_file=/var/lib/acme/live/${YOUR FIRST DOMAIN}/fullchain
smtpd_tls_key_file=/var/lib/acme/live/${YOUR FIRST DOMAIN}/privkey
In master.cf, change submission, and uncomment/create smtps as below:
submission inet n - - - - smtpd
#  -o smtpd_tls_security_level=encrypt
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
After configuration:
# restart postfix
$ /etc/init.d/postfix restart
You should also declare the services above, so that they are reloaded when an automatic renewal happens:
$ echo 'SERVICES="apache2 dovecot postfix"' >> /etc/default/acme-reload
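An added check, not part of the original instructions: after editing the Apache, Dovecot and Postfix files, this script reports any path under /var/lib/acme/live that a config file references but that does not exist, any ${YOUR FIRST DOMAIN} placeholder left in place, and any privkey readable by group or others. The function name audit_conf and the LIVE_ROOT variable are made up for this example.

```shell
#!/bin/sh
# Added example: audit config files that point at acmetool's live directory.
# LIVE_ROOT can be overridden to run the check against a test tree.
LIVE_ROOT="${LIVE_ROOT:-/var/lib/acme/live}"

# audit_conf FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_conf() {
    conf=$1
    rc=0
    # The guide's placeholder pasted verbatim never resolves to a real directory.
    if grep -qF '${YOUR FIRST DOMAIN}' "$conf"; then
        echo "PLACEHOLDER $conf"
        rc=1
    fi
    # Collect every path under LIVE_ROOT from non-comment lines. Matching starts
    # at LIVE_ROOT, so Dovecot's leading "<" is not part of the path.
    for p in $(grep -v '^[[:space:]]*#' "$conf" |
               grep -oE "$LIVE_ROOT/[^[:space:]\"';\$]+" | sort -u); do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
        elif [ "${p##*/}" = privkey ] &&
             [ -n "$(find -L "$p" \( -perm -040 -o -perm -004 \))" ]; then
            # -L follows a symlink so the mode checked is that of the key file itself.
            echo "KEY_READABLE $p"
            rc=1
        fi
    done
    return "$rc"
}

# Audit each file named on the command line.
for c in "$@"; do
    audit_conf "$c"
done
```

Run it as root with the edited VirtualHost file, 10-ssl.conf and main.cf as arguments before restarting the services.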