Using Let's Encrypt to Manage Your Certificate
To support SSL/TLS and HTTPS for MDaemon, Webmail, and Remote Administration, you need an SSL/TLS Certificate. Certificates are small files issued by a Certificate Authority (CA) that are used to verify to a client or browser that it is connected to its intended server, and that enable SSL/TLS/HTTPS to secure the connection to that server. Let's Encrypt is a CA that provides free certificates via an automated process designed to eliminate the currently complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.
To support using Let's Encrypt's automated process to manage a certificate, this screen is provided to help you easily configure and run the PowerShell script included in the "MDaemon\LetsEncrypt" folder. Running the script will set up everything for Let's Encrypt, including putting the necessary files in the Webmail HTTP folder to complete the http-01 challenge. It uses the SMTP host name of the default domain as the domain for the certificate, includes any Alternate host names you have specified, retrieves the certificate, imports it into Windows, and configures MDaemon to use the certificate for MDaemon, Webmail, and Remote Administration. Further, the script creates a log file in the "MDaemon\Logs\" folder, called LetsEncrypt.log. This log file is removed and recreated each time the script runs, and it includes the starting date and time of the script. Also, notification emails will be sent when errors occur if you specify an Admin email for notifications.
|
Let's Encrypt requires PowerShell 5.1 and .Net Framework 4.7.2, which means that it will not work on Windows 2003. Also, Webmail must be listening on port 80, and the script will not work if you have an SMTP host name (i.e. FQDN) setup for your default domain that does not point to the MDaemon server. |
Let's Encrypt PowerShell Updates
Enable updates
Click this checkbox if you wish to automatically create and update an SSL/TLS certification via the Let's Encrypt script. The certificate will be updated every 10-60 days according to your Days between updates setting below.
Alternate host names (separate multiple host names with a comma)
If you wish to setup alternate host names in the certificate, specify those host names here, separated by commas. You do not need to include the SMTP host name for the default domain in this list. For example, if your default domain were "example.com," configured with an SMTP host name of "mail.example.com," and you wanted to use an alternate host name of "imap.example.com," then you would only include "imap.example.com" as an alternate host name. If you do not wish to use any alternate host names then leave this option blank. Note: if you include alternate host names, an HTTP challenge from Let's Encrypt must be completed for each one to validate your server's control of that host name. If the challenges are not all completed then the process will fail.
IIS site name (available when using external web mail server)
If you are running Webmail via IIS, enter the IIS site name here. You must have Microsoft's Web Scripting tools installed in order for the certificate to be automatically set up in IIS.
Admin email for notifications
Specify an administrator email address here if you wish to be notified when an error occurs during a Let's Encrypt update.
Remove old certificates (expired > 30 days ago)
By default MDaemon will remove any old certificates that have been expired longer than 30 days. Uncheck this box if you do not wish to remove them automatically.
Days between updates (10-60)
Use this option to specify how often your certificate should be updated, from 10-60 days. The default setting is 60 days.
Run Now
Click this button to immediately run the script.
