@unique1984
Created October 14, 2023 04:29
ISPConfig3 add domain based mail ssl
#!/usr/bin/env bash
# Usage: addMailSslDomain.sh domain.tld (writes under /etc, so run as root)
if [ -z "$1" ]; then
    echo "No domain specified!"
    exit 1
fi
# Check that the given domain has a website. @TODO: not just websites, manually gather the mail.domain.tld certificates...
if [ ! -d "/var/www/$1" ]; then
    echo "There is no website named $1 !"
    exit 1
fi
# Continue only if the domain's acme.sh certificate directory exists. @TODO: what if the entry was already appended?
if [ -d "/root/.acme.sh/$1" ]; then
    # Postfix SNI map entry: <server name> <private key> <certificate chain>
    echo "mail.$1 /root/.acme.sh/$1/$1.key /root/.acme.sh/$1/fullchain.cer" >> /etc/postfix/vmail_ssl.map
    # Dovecot per-name certificate block
    echo -e "local_name mail.$1 {
ssl_cert = </root/.acme.sh/$1/fullchain.cer
ssl_key = </root/.acme.sh/$1/$1.key
}
" >> /etc/dovecot/ssl-sni.conf
    # Rebuild the map and reload both services
    postmap -F hash:/etc/postfix/vmail_ssl.map
    systemctl reload postfix.service
    systemctl reload dovecot.service
    # Manual check of the certificate served for this name:
    #openssl s_client -connect localhost:25 -servername mail.$1 -starttls smtp
fi

unique1984 commented Oct 14, 2023

The line tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map must be added to /etc/postfix/main.cf
The line !include ssl-sni.conf must be added to /etc/dovecot/dovecot.conf

The domain must have Let's Encrypt SSL using acme.sh, and the SSL must be *.domain.tld
The mail subdomain (mail.domain.tld) must be added to the domain with SSL

addMailSslDomain.sh domain.tld and it's okay.

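The script above leaves two gaps: its own TODO about entries being appended twice, and the unchecked `$1` that is written into root-owned Postfix and Dovecot files. One way to close both, as an added example that is not the gist author's code; the function names, return codes and scratch paths are assumptions made for illustration:

```bash
#!/usr/bin/env bash
# Added example, not the gist author's code. Paths are parameters so the logic can be tried on scratch files.
export LC_ALL=C   # keep [a-z] ranges ASCII-only

# Allow only lowercase DNS names with at least one dot. Rejecting "/", "..",
# whitespace and quotes matters: the value ends up in root-owned config files.
valid_domain() {
    case $1 in
        ''|*[!a-z0-9.-]*) return 1 ;;            # empty or foreign character
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;  # broken label boundary
        *.*) [ "${#1}" -le 253 ] ;;              # has a dot, sane length
        *) return 1 ;;
    esac
}

# add_sni_entry DOMAIN CERT_DIR POSTFIX_MAP DOVECOT_CONF
# Returns 0 = something appended, 1 = rejected, 2 = already present.
add_sni_entry() {
    local domain=$1 cert_dir=$2 map=$3 conf=$4 host key chain added=0
    valid_domain "$domain" || return 1
    host="mail.$domain"
    key="$cert_dir/$domain/$domain.key"
    chain="$cert_dir/$domain/fullchain.cer"
    # Never reference a key or chain that is missing or empty.
    { [ -s "$key" ] && [ -s "$chain" ]; } || return 1
    # Postfix map: exact match on the first field (the SNI name).
    if ! awk -v h="$host" '$1 == h { f = 1 } END { exit !f }' "$map" 2>/dev/null; then
        printf '%s %s %s\n' "$host" "$key" "$chain" >> "$map"
        added=1
    fi
    # Dovecot: fixed-string, whole-line match on the block's opening line.
    if ! grep -qxF "local_name $host {" "$conf" 2>/dev/null; then
        printf 'local_name %s {\n  ssl_cert = <%s\n  ssl_key = <%s\n}\n' \
            "$host" "$chain" "$key" >> "$conf"
        added=1
    fi
    [ "$added" -eq 1 ] || return 2
}

# Demo on constructed scratch data (example.org and the file contents are made up).
demo=$(mktemp -d)
mkdir -p "$demo/acme/example.org"
echo constructed > "$demo/acme/example.org/example.org.key"
echo constructed > "$demo/acme/example.org/fullchain.cer"
for d in example.org example.org '../../etc'; do
    rc=0; add_sni_entry "$d" "$demo/acme" "$demo/vmail_ssl.map" "$demo/ssl-sni.conf" || rc=$?
    printf '%-12s -> %d\n' "$d" "$rc"
done
rm -rf "$demo"
```

Against the real files, run `postmap -F hash:/etc/postfix/vmail_ssl.map` and the two service reloads only when the function returns 0.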