Let's Encrypt Certificates with Eximby J. Edward Durrett
Let's Encrypt /
FreeBSD / Exim / TLS
./letsencrypt-auto certonly --debug -c /usr/local/etc/letsencrypt/cli.ini -d [domainname]
The --debug flag is needed since the current python client is not
completely problem free on FreeBSD. That is not an issue as we are only
getting a certificate and not using the advanced features like auto
configuration of Apache or other web server.
The next step is a bit hackish and really isn't very elegant. The
letsencrypt command gets certificates and installs it in
/etc/letsencrypt/archive/[domainname]/ and then makes symlinks to
/etc/letsencrypt/live/[domainname]/. Well, Exim doesn't seem to want to
read symlinks and pointing the Exim configuration to the archive
directory does not make sense, as I have a much more elegant solution in
the works. But, copying the certificate and key into a special
directory for Exim works:
NOTE:This was not an issue with symllinks, but permissions. A better, more up to date guide is here.
cp /etc/letsencrypt/archive/[domainname]/fullchain1.pem \
cp /etc/letsencrypt/archive/[domainname]/privkey1.pem \
And then in /usr/local/etc/exim/configure:
tls_certificate = /etc/ssl/exim/exim.cert
tls_privatekey = /etc/ssl/exim/exim.key
Restarting Exim is the last step.
Copyright (c) 2019, Jason Edward Durrett - All content on this site, unless otherwise noted, is subject to this license.
Please contact me if any errors, such as erroneous / misleading content or missing / incomplete attribution, are found.