As I had many problems with my certificates and I did a lot of unneeded configurations, I will be re-installing mailcow on a new virtual machine.
My setup is the following:
A firewall sends all web traffic to my main virtual web server (80/443). On this web server I have a reverse proxy forwarding web traffic per name to my mail server. On my web server I use Let's Encrypt and it has worked nicely for years. Automatic renewal is working.
All other ports are pointing directly to my mail server.
So my thoughts are now these:
I keep running Let's Encrypt on my web server and then, per script, send each renewed SSL cert to my mail server, putting them via rsync into
/opt/mailcow-dockerized/data/assets/ssl
Which of these 4 do I need? cert.pem is an obvious one. privkey.pem? Change that name to key.pem?
SSLCertificateFile /etc/letsencrypt/live/mail.server.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.server.net/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/mail.server.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.server.net/privkey.pem
then restarting the services with:
docker-compose restart postfix-mailcow dovecot-mailcow
Anything I should know for mail clients? Outlook? Mail (macOS)? iPhone? Android?
Did I miss something? Am I wrong with this plan? Please let me know. Thanks in advance.
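An added example, not part of the original post and not mailcow's own code: a mail-server-side hook that installs an rsync-delivered certificate pair and restarts the services only when the files actually changed. It assumes mailcow reads the full chain as cert.pem and the private key as key.pem, that rsync drops fullchain.pem and privkey.pem into a staging directory passed as the first argument, and that the services read the key as root (hence mode 600).

```shell
#!/bin/sh
# Added example. Assumptions: mailcow expects cert.pem (full chain) and
# key.pem in its ssl directory; rsync delivers fullchain.pem and privkey.pem
# to a staging directory given as $1; services read the key as root.

# install_pair SRC_DIR DST_DIR
# Returns 0 if the pair was installed, 1 if already up to date, 2 on error.
install_pair() {
    src=$1; dst=$2
    # Refuse to install a missing or empty file (e.g. an interrupted rsync).
    [ -s "$src/fullchain.pem" ] && [ -s "$src/privkey.pem" ] || return 2
    # Nothing to do when both files are byte-identical to the installed ones.
    if cmp -s "$src/fullchain.pem" "$dst/cert.pem" &&
       cmp -s "$src/privkey.pem" "$dst/key.pem"; then
        return 1
    fi
    rm -f "$dst/cert.pem.new" "$dst/key.pem.new"
    # Create the key copy under umask 077 so it is never group/world readable,
    # then rename into place so a reader never sees a half-written file.
    if ( umask 077; cp "$src/privkey.pem" "$dst/key.pem.new" ) &&
       cp "$src/fullchain.pem" "$dst/cert.pem.new" &&
       mv "$dst/key.pem.new" "$dst/key.pem" &&
       mv "$dst/cert.pem.new" "$dst/cert.pem"; then
        return 0
    fi
    return 2
}

# Runs only when a staging directory is passed on the command line.
if [ $# -ge 1 ]; then
    MAILCOW_DIR=${MAILCOW_DIR:-/opt/mailcow-dockerized}
    install_pair "$1" "$MAILCOW_DIR/data/assets/ssl"
    case $? in
        0) cd "$MAILCOW_DIR" &&
           docker-compose restart postfix-mailcow dovecot-mailcow ;;
        1) echo "certificate unchanged, no restart" ;;
        *) echo "install failed, check $1" >&2; exit 1 ;;
    esac
fi
```

Restricting the rsync account on the mail server to the staging directory keeps the web server from writing anywhere else on the mail host.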