diff --git a/en_US/howto/letsencrypt.md b/en_US/howto/letsencrypt.md index 2994266d..e70ce2a9 100644 --- a/en_US/howto/letsencrypt.md +++ b/en_US/howto/letsencrypt.md @@ -74,8 +74,8 @@ It should return the (public) IP address of your server. !!! warning `certbot` program offers argument `--apache` and `--nginx` to modify - Apache/Nginx config files directly, they mess up iRedMail - configurations, please do not use these 2 arguments. + Apache/Nginx config files directly, they will mess up config files + generated by iRedMail, please do __NOT__ use them. * Let's Encrypt has request rate limit control, you can request limited times for same domain in one day, but the verification process doesn't have such @@ -86,6 +86,12 @@ It should return the (public) IP address of your server. `--dry-run` argument. It will print some text on console to ask you few simple questions, please read carefully and answer them. + !!! warning + + If your iRedMail server was deployed with [iRedMail Easy + platform](https://www.iredmail.og/easy.html), please use + `-w /opt/www/well_known` instead. + ``` certbot certonly --webroot --dry-run -w /var/www/html -d mail.mydomain.com ``` @@ -119,7 +125,7 @@ What's happening after you typed this command? you may ask. We assume the web document root directory for web host name `mail.mydomain.com` is `/var/www/html` (this is default path configured - by iRedMail). In new iRedMail releases, the path `/.well-known/` is + by iRedMail downloadable installer). In new iRedMail releases, the path `/.well-known/` is defined in Nginx config file `/etc/nginx/templates/misc.tmpl`, if you have hard-coded directory for it with Nginx directive `root /path/to/somewhere;`, you need to replace `/var/www/html` by diff --git a/html/letsencrypt.html b/html/letsencrypt.html index 88788c8a..7955ba7b 100644 --- a/html/letsencrypt.html +++ b/html/letsencrypt.html @@ -26,7 +26,7 @@
Warning
certbot
program offers argument --apache
and --nginx
to modify
-Apache/Nginx config files directly, they mess up iRedMail
-configurations, please do not use these 2 arguments.
Run command below as root user to verify the request process with
--dry-run
argument. It will print some text on console to ask you few
simple questions, please read carefully and answer them.
Warning
+If your iRedMail server was deployed with iRedMail Easy
+platform, please use
+-w /opt/www/well_known
instead.
certbot certonly --webroot --dry-run -w /var/www/html -d mail.mydomain.com
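Review bot: The link target in the new iRedMail Easy warning in en_US/howto/letsencrypt.md is `https://www.iredmail.og/easy.html`; the TLD is misspelled (`.og` for `.org`), so the link is dead and sends readers to a domain the project does not control. Fix the URL before merging. The same warning says "instead" before the `-w /var/www/html` command it refers to has appeared, so spell the substitution out, for example "use `-w /opt/www/well_known` instead of `-w /var/www/html` in the command below".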
@@ -160,7 +166,7 @@ works.
Warning
We assume the web document root directory for web host name
mail.mydomain.com
is /var/www/html
(this is default path configured
-by iRedMail). In new iRedMail releases, the path /.well-known/
is
+by iRedMail downloadable installer). In new iRedMail releases, the path /.well-known/
is
defined in Nginx config file /etc/nginx/templates/misc.tmpl
, if you
have hard-coded directory for it with Nginx directive root
/path/to/somewhere;
, you need to replace /var/www/html
by
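Review bot: In the `/.well-known/` warning, the parenthetical now limits the `/var/www/html` default to the downloadable installer, but the rest of the sentence still only tells readers with a hard-coded `root /path/to/somewhere;` to substitute their own path. Mention the iRedMail Easy path (`/opt/www/well_known`, from the warning added earlier in this patch) here too, so an Easy user reading only this warning does not run the command against the wrong webroot. The phrase also needs its article ("the iRedMail downloadable installer"), and the changed Markdown line is no longer wrapped like its neighbours.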
@@ -199,7 +205,7 @@ It's necessary to set the permission to 0644 for other applications to access th
chmod 0644 /etc/letsencrypt/{live,archive}
-Renew the cert
+Renew the cert automatically
You can setup a daily cron job to run command certbot renew
to renew all
existing ssl certs which will expire in less than 30 days. We need its
--post-hook
argument to restart network services to load renewed ssl certs.
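Review bot: The heading rename to "Renew the cert automatically" appears only in html/letsencrypt.html; the en_US/howto/letsencrypt.md diff in this patch has no hunk touching that heading. If the HTML is generated from the Markdown, confirm the source already carries the new heading, otherwise the next regeneration will revert it.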
@@ -268,7 +274,7 @@ restart:
submit and wait for a result).
FAQ
-Renew the cert
+Renew the cert
Let's Encrypt cert will expire in 90 days, you must renew it before expired.
After renewed, don't forget to restart Postfix/Dovecot/Nginx/Apache to load the
new cert files.
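Review bot: The removed and added FAQ heading lines both read "Renew the cert", so whatever changed here is in markup that this view does not show. If it is the heading's anchor id (the earlier heading with the same text is renamed in this patch), check that existing links to the FAQ entry still resolve.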