ISPConfig3 add domain based mail ssl
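#!/usr/bin/env bash
#
# addMailSslDomain.sh - register a per-domain (SNI) certificate for
# mail.<domain> with Postfix and Dovecot on an ISPConfig 3 host.
#
# Usage: addMailSslDomain.sh domain.tld
#
# Reads the acme.sh certificate under /root/.acme.sh/<domain>/ and appends to
# /etc/postfix/vmail_ssl.map and /etc/dovecot/ssl-sni.conf, then rebuilds the
# Postfix table and reloads both services. Writes under /etc and /root, so it
# has to run as root.

set -u

readonly POSTFIX_MAP=/etc/postfix/vmail_ssl.map
readonly DOVECOT_SNI=/etc/dovecot/ssl-sni.conf

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

domain=${1:-}
[[ -n "$domain" ]] || die "No domain specified!"

# The argument is interpolated into file paths and into two root-owned
# configuration files. Accept only plain host-name syntax so that a value
# containing "/", "..", whitespace, newlines or braces can neither leave the
# expected directories nor add extra lines or settings to those files.
readonly DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
[[ "$domain" =~ $DOMAIN_RE ]] || die "Invalid domain name: $domain"

# The domain must have a website.
# TODO: not just websites; gather the mail.domain.tld certificates manually.
[[ -d "/var/www/$domain" ]] || die "There is no website named $domain !"

readonly mail_host="mail.$domain"
readonly acme_dir="/root/.acme.sh/$domain"
readonly key_file="$acme_dir/$domain.key"
readonly cert_file="$acme_dir/fullchain.cer"

[[ -d "$acme_dir" ]] || die "No acme.sh certificate directory for $domain ($acme_dir)"

# Refuse to reference files that are missing: a dangling path would make
# postmap -F fail or leave the services without a usable certificate.
[[ -r "$key_file" && -r "$cert_file" ]] \
  || die "Key or certificate missing in $acme_dir"

# Append the Postfix SNI entry only once, so re-running the script for the
# same domain does not pile up duplicate keys in the map.
if [[ -f "$POSTFIX_MAP" ]] \
  && awk -v host="$mail_host" '$1 == host { found = 1 } END { exit !found }' "$POSTFIX_MAP"; then
  printf '%s already present in %s, not appending\n' "$mail_host" "$POSTFIX_MAP"
else
  printf '%s %s %s\n' "$mail_host" "$key_file" "$cert_file" >> "$POSTFIX_MAP" \
    || die "Cannot write $POSTFIX_MAP"
fi

# Same for the Dovecot local_name block.
if [[ -f "$DOVECOT_SNI" ]] \
  && grep -qF -- "local_name ${mail_host} {" "$DOVECOT_SNI"; then
  printf '%s already present in %s, not appending\n' "$mail_host" "$DOVECOT_SNI"
else
  printf 'local_name %s {\n  ssl_cert = <%s\n  ssl_key = <%s\n}\n\n' \
    "$mail_host" "$cert_file" "$key_file" >> "$DOVECOT_SNI" \
    || die "Cannot write $DOVECOT_SNI"
fi

# postmap -F stores the contents of the referenced files in the table, so
# the generated table holds private key material and has to be rebuilt after
# every certificate renewal. Do not reload Postfix if the rebuild failed.
postmap -F "hash:$POSTFIX_MAP" || die "postmap failed, services not reloaded"

# Parse the Dovecot configuration before reloading, so a broken include is
# reported here rather than discovered by clients.
doveconf -n > /dev/null || die "Dovecot configuration check failed, services not reloaded"

systemctl reload postfix.service || die "Reloading postfix failed"
systemctl reload dovecot.service || die "Reloading dovecot failed"

# Manual check of the certificate served for this name:
#openssl s_client -connect localhost:25 -servername mail.$1 -starttls smtp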
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
This line must be added to /etc/postfix/main.cf.
!include ssl-sni.conf
This line must be added to /etc/dovecot/dovecot.conf.
The domain must have a Let's Encrypt certificate issued with acme.sh, and the certificate must cover *.domain.tld.
The mail subdomain (mail.domain.tld) must be added to the domain with SSL.
addMailSslDomain.sh domain.tld
and it's okay.