Looking good!
in Production mode, and reconfiguring email clients to remove the 'smtp and mail.' addresses and replace with 'www.'
once done email starts flowing
Cool.
So setup/add your smtp/imap hosts correctly and get certificates for them as well.
Same drill. Add them, console-save then dehydrated -c -x to force renewal.
I do need to work out how I will manage 2 different servers using Let's Encrypt, and how I port forward to both, but that is another challenge.
That is trickier. Let's Encrypt will only contact 80 or 443 and you can only run one server on each port. (There are some fancier methods but we do not manage them)
So you might have to get all the certificates for hosts/domains that you require on your SME and then use a hook script to copy the certificates to the other server.
There are basic templates there which you can add to.
Look in /etc/e-smith/templates/usr/bin/hook-script.sh
Add your own in:
/etc/e-smith/templates-custom/usr/bin/hook-script.sh
Here's one of my templates - I have media.mydomain.com running on 8440 and ubiquiti.mydomain.com on 8441
{
    # Probably not required but I was faffing and testing
    use strict;
    use warnings;
    use esmith::ConfigDB;
    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
    my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
    # To here
    # For Testing
    # $OUT .= " echo \"\$2 certificate renewal\\n 1 \$1 3 \$3 4 \$4 5 \$5 6 \$6\" | mail -s \"Certificate renewals\" admin\@impamark.com\n\n";
    # Notes from here https://gist.github.com/jrotello/18ab3e1982d46b04a269dfbc63aa097f
    # https://www.werts.nl/ssl-certificate-installation-on-the-ubiquiti-unifi-controller-linux/
    # Only emit the shell fragment when letsencrypt is enabled
    if ( $letsencryptStatus ne 'disabled' ) {
        $OUT .=<<'_EOF';
# dehydrated hook arguments: $1 operation, $2 domain, $3 key, $4 cert, $5 fullchain, $6 chain
if [ "$1" = "deploy_cert" ]; then
    KEY="$3"
    CERT="$4"
    CHAIN="$6"
    # Copy the renewed certificate files to the second server
    scp -P 22 "$CERT" root@192.168.10.191:/etc/dehydrated/certs/mydomain.net/cert.pem
    scp -P 22 "$KEY" root@192.168.10.191:/etc/dehydrated/certs/mydomain.net/privkey.pem
    scp -P 22 "$CHAIN" root@192.168.10.191:/etc/dehydrated/certs/mydomain.net/chain.pem
    scp -P 22 /etc/dehydrated/certs/mydomain.net/fullchain.pem root@192.168.10.191:/etc/dehydrated/certs/mydomain.net/fullchain.pem
    # Reload the services that use the certificate
    ssh -p 22 root@192.168.10.191 "/usr/bin/systemctl restart jellyfin"
    ssh -p 22 root@192.168.10.191 "/root/scripts/unifi_ssl_import.sh"
    # printf is used because plain echo does not reliably expand \n
    printf 'ubuntu-media %s certificate renewed\n 1 %s 3 %s 4 %s 5 %s 6 %s\n' "$2" "$1" "$3" "$4" "$5" "$6" | mail -s "Certificate renewal ubuntu-media" admin@mydomain.net
fi
_EOF
    }
}
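A stand-alone variant of the copy step described above, as an added example that is not part of the original post or of the SME templates: it checks the files before pushing them, refuses a private key that is readable by anyone but its owner, and stops at the first failed copy. `REMOTE`, `REMOTE_DIR`, `RESTART_CMD` and `DRY_RUN` are assumed names whose defaults reuse the host, path and service from the post, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. dehydrated calls its hook as:
#   hook deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
# REMOTE, REMOTE_DIR, RESTART_CMD and DRY_RUN are assumptions; the defaults
# reuse the host, path and service named in the post above.
REMOTE="${REMOTE:-root@192.168.10.191}"
REMOTE_DIR="${REMOTE_DIR:-/etc/dehydrated/certs}"
RESTART_CMD="${RESTART_CMD:-/usr/bin/systemctl restart jellyfin}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

deploy_cert() {
    domain=$1; key=$2; cert=$3; fullchain=$4; chain=$5
    # Never push a missing or empty file over a working certificate.
    for f in "$key" "$cert" "$fullchain" "$chain"; do
        [ -s "$f" ] || { echo "refusing: $f missing or empty" >&2; return 1; }
    done
    # The private key must be accessible to its owner only (mode 600 or 400).
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing: $key has mode $mode" >&2; return 1 ;;
    esac
    # Destination follows the renewed domain rather than a fixed directory.
    dest="$REMOTE:$REMOTE_DIR/$domain"
    # scp -p preserves the file mode, so the key stays owner-only remotely.
    # The && chain stops at the first failure, so the service is not
    # restarted on a half-copied set of files.
    run scp -p "$cert" "$dest/cert.pem" &&
    run scp -p "$chain" "$dest/chain.pem" &&
    run scp -p "$fullchain" "$dest/fullchain.pem" &&
    run scp -p "$key" "$dest/privkey.pem" &&
    run ssh "$REMOTE" "$RESTART_CMD"
}

hook() {
    case "${1:-}" in
        deploy_cert) shift; deploy_cert "$@" ;;
        *) return 0 ;;   # ignore the other hook operations
    esac
}

hook "$@"
```

With `DRY_RUN=1` the script only prints the `scp` and `ssh` commands it would run, which makes it easy to check the destination paths before the next renewal.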