lets encrypt certificate

How to create Lets encrypt certificate for Debian + apache + dovecot + postfix

We can download the certbot-auto Let’s Encrypt client to the /usr/local/sbin directory by typing:

Lets Encrypt

cd /usr/local/sbin
sudo wget https://dl.eff.org/certbot-auto

Make it executable
sudo chmod a+x /usr/local/sbin/certbot-auto

Create cerfificate for all domains you need
certbot-auto --apache -d example.com -d www.example.com -d imap.example.com -d smtp.example.com

New certificates were created in
cd /etc/letsencrypt/live

You can test whether you succeed here
https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

Auto renew

certbot-auto renew

You need to renew every 30 days, so set up cron
sudo crontab -e

Create cron every monday at 2:30 morning, and do log
30 2 * * 1 /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log

Dovecot

Update dovecot.conf to use new ssl certificate
# don't allow non-TLS connections for IMAP or SASL
ssl = required
disable_plaintext_auth = yes
# path to the certificate file, should be root:root and 0444
ssl_cert = /etc/letsencrypt/live/example.com/fullchain.pem
# path to the private key file, should be root:root and 0400
ssl_key = /etc/letsencrypt/live/example.com/privkey.pem

Reboot service
/etc/init.d/dovecot restart