sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx
If dkpg lock issue appears:
lsof /var/lib/dpkg/lock
ps cax | grep PID
kill PID
ps cax | grep PID # Ensure process is indeed dead
sudo rm /var/lib/dpkg/lock
sudo dpkg --configure -a
And continue with certificate installation:
sudo vim /etc/nginx/sites-available/default # Verify nginx is installed correct by checking existance of this file
sudo ufw status
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP' # Disallow http
sudo ufw allow 'OpenSSH' # So that you can SSH back into the instance next time
sudo ufw enable
sudo certbot --nginx -d mail.mywebsite.com
sudo certbot renew --dry-run # To check if autorenewal works fine
export PRIMARY_HOSTNAME=mywebsite.com
export PUBLIC_IP=122.98.190.225 # Seen in instance page
export PRIVATE_IP=10.0.0.7 # Seen in instance page
curl -s https://mailinabox.email/setup.sh | sudo -E bash
This results in an error:
Outbound mail (port 25) seems to be blocked by your network.
You will not be able to send mail using this machine, so setup
cannot continue.
Many residential networks block port 25 to prevent hijacked
machines from being able to send spam. I just tried to connect
to Google's mail server on port 25 but the connection did not
succeed.
Exiting the machine and ssh'ing back in and running same command solves the issue for some reason. Specify email ID as admin@mywebsite.com than admin@mail.mywebsite.com And specify primary hostname as mywebsite.com
Now we replace the SSL certificates with our own (Optionally delete the one MIAB made by checking the symlink ls -lh /home/user-data/ssl/
rm /home/user-data/ssl/ssl_certificate.pem
rm /home/user-data/ssl/ssl_private_key.pem
ln -s /etc/letsencrypt/live/mail.mywebsite.com/fullchain.pem /home/user-data/ssl/ssl_certificate.pem
ln -s /etc/letsencrypt/live/mail.mywebsite.com/privkey.pem /home/user-data/ssl/ssl_private_key.pem
And that's it. Ready to use