First I’d like to thank for taking the time to reply to my questions.
I understand the easy advice as follows:
- in opnsense I install the acme plugin and let the opnsense take care for the let’s encrypt certs. I already tested this way, this plugin works.
- I daily copy, preferably with a cron job, the certs to mailcow - what path/location exactly?
- the mailcow VM has to be daily rebooted, to recognize the new certs?
Thank you for describing the way with a reverse proxy. I tried this but honestly, as a part time admin, this is way too complicated for me.
Everything works really pretty well out of the box, if mailcow does not sit in a VM (and probably in lxc container) and behind a firewall like opnsense or pfsense. I tested mailcow at home on a laptop running with arch linux. There’s an asus router in front of the home network. No problem to configure a port forward to the laptop, so everything works as intended.
Anyway, if I take the road kicou suggests, where in mailcow can acme be safely disabled? Is it in the GUI or better with the command line?