Use Let’s Encrypt SSL with Mailcleaner

If you host your own mail server you know that one of the biggest issues is spam. How do you get rid of them, is there any good tool, open source? Or maybe you have to go for that overpriced “enterprise grade” software that will erase all spam (commercials always exaggerate) emails just to get some peace of mind? Well, not if you use Mailcleaner. It’s open source, free, easy to install, and gives you that peace of mind without the need to pay for it. They have different plans if you’re interested though.

We have used it for some time now, and they just released a new version called “2017.09 Jessie” that can be found here as different VMs. But if you ended up here you probably already have it installed and just want to know how to install Let’s Encrypt to get free SSL together with Mailcleaner. So, here we go.

1. Login via SSH with your favorite terminal and run these commands:

   $~: cd /etc

   $~: git clone https://github.com/letsencrypt/letsencrypt

   $~: cd /etc/letsencrypt

   $~: ./cerbot-auto certonly --standalone --pre-hook '/usr/mailcleaner/etc/init.d/apache stop' --post-hook '/usr/mailcleaner/etc/init.d/apache start' -d mailcleaner.example.com

2. Edit the Mailcleaner Apache template

   $~: nano /usr/mailcleaner/etc/apache/sites/mailcleaner.conf_template

   Change this:

   Redirect / https://__SERVERNAME__/
   
   ########
   
   SSLCACertificatePath __SRCDIR__/etc/apache/certs
   SSLCertificateFile __SRCDIR__/etc/apache/certs/certificate.pem
   __IFSSLCHAIN__ SSLCertificateChainFile __SRCDIR__/etc/apache/certs/certificate-chain.pem

   To this:

   # Redirect / https://__SERVERNAME__/ 
   
   Redirect / https://mailcleaner.example.com/
   
   ########
   
   # SSLCACertificatePath __SRCDIR__/etc/apache/certs
   # SSLCertificateFile __SRCDIR__/etc/apache/certs/certificate.pem
   #__IFSSLCHAIN__ SSLCertificateChainFile __SRCDIR__/etc/apache/certs/certificate-chain.pem
   
   SSLCACertificatePath /etc/letsencrypt/live/mailcleaner.example.com
   SSLCertificateFile /etc/letsencrypt/live/mailcleaner.example.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/mailcleaner.example.com/privkey.pem
   __IFSSLCHAIN__ SSLCertificateChainFile /etc/letsencrypt/live/mailcleaner.example.com/chain.pem

3. Extract the info from the Let’s Encrypt certs to your GUI

   Go to Configuration –> Services –> Webinterfaces and post the content of the following files:

   fullchain.pem –> Encoded SSL certificate
   privkey.pem –> Encoded SSL private key
   chain.pem –> Encoded SSL certificate chain

   Use cat /etc/letsencrypt/live/mailcleaner.example.com/file.pem

4. Restart Mailcleaner

   $~: /usr/mailcleaner/etc/init.d/mailcleaner restart

5. Add a cronjob for the renewal

   $~: crontab -e

   Add this at the bottom:

   # Let's Encrypt
   43 5 * * * /etc/letsencrypt/certbot-auto renew

6. Enjoy Mailcleaner with Let’s Encrypt!

This post is not sponsored by Mailcleaner