[Pkg-exim4-users] location of cert
Francois Sauterey - Snes
fs at snes.edu
Sun Feb 28 14:14:39 GMT 2021
On 28/02/2021 at 08:35, Brian E. Lavender wrote:
> Is it possible to put the cert for TLS in the /etc/letsencrypt folder? I
> tried referencing the cert from the folder and I ended up copying it to
> the /etc/exim folder.
>
> Doesn't seem to work
>
> MAIN_TLS_CERTIFICATE = /etc/letsencrypt/live/panther.brie.com/fullchain.pem
>
> Works
>
> MAIN_TLS_CERTIFICATE = CONFDIR/fullchain.pem
>
> Same with the key.
>
> Does not work
> #MAIN_TLS_PRIVATEKEY = /etc/letsencrypt/live/panther.brie.com/privkey.pem
>
> Works
> MAIN_TLS_PRIVATEKEY = CONFDIR/privkey.pem
>
> Brian
>
Yes, it is possible!
You probably have a problem of rights on the files.
If this is the case, you should find in your log file
(/var/log/exim4/mainlog.log) some lines like:
> So:2021-02-27 16:39:05 TLS error on connection from [aaa.bbb.ccc.ddd] (cert/key setup: cert=/etc/letsencrypt/live/panther.brie.com/fullchain.pem key=/etc/letsencrypt/live/panther.brie.com/privkey.pem ): Error while reading file.
By default, letsencrypt reserves access to the archive/live directory
to root.
So:
1/ chgrp Debian-exim /etc/letsencrypt/{archive,live}
2/ chmod g+rx /etc/letsencrypt/{archive,live}
(maybe recursively)
Now exim can read your cert files!
Francois
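
One way to see which path component still blocks the Debian-exim group after the chgrp/chmod steps above, as an added example that is not part of the original message. It reads mode bits with GNU stat (ACLs are ignored); the function names and the script name certperm.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils (stat -c, readlink -f)
# and a daemon user that is a member of GROUP but does not own the files.

# can_use PATH GROUP NEED: true if such a user has permission bits NEED
# (4 = read, 1 = search/traverse) on PATH.
can_use() {
    mode=$(stat -L -c %a "$1") || return 1
    if [ "$(stat -L -c %G "$1")" = "$2" ]; then
        bits=$(( (0$mode >> 3) & 7 ))   # group triplet applies
    else
        bits=$(( 0$mode & 7 ))          # otherwise the "other" triplet
    fi
    [ $(( bits & $3 )) -eq "$3" ]
}

# first_blocked_dir FILE GROUP TOP: print the topmost directory between TOP
# and FILE that GROUP cannot traverse (empty output if none).
first_blocked_dir() {
    dir=$(dirname "$1"); blocked=
    while [ "$dir" != "$3" ] && [ "$dir" != / ] && [ "$dir" != . ]; do
        can_use "$dir" "$2" 1 || blocked=$dir
        dir=$(dirname "$dir")
    done
    printf '%s\n' "$blocked"
}

# first_blocked FILE GROUP [TOP]: print what stops GROUP from reading FILE.
# Both the path as written and the symlink target are walked, because
# live/<name>/*.pem are symlinks into archive/<name>/.
first_blocked() {
    top=${3:-/}
    real=$(readlink -f "$1")
    for p in "$1" "$real"; do
        hit=$(first_blocked_dir "$p" "$2" "$top")
        if [ -n "$hit" ]; then echo "$hit"; return 0; fi
    done
    can_use "$real" "$2" 4 || echo "$real"
}

# Usage: sh certperm.sh FILE GROUP   (prints nothing when FILE is readable)
if [ "$#" -ge 2 ]; then first_blocked "$@"; fi
```

For the paths in this thread: `sh certperm.sh /etc/letsencrypt/live/panther.brie.com/privkey.pem Debian-exim`. If it prints the key file itself, the directories are fine and only the file's own mode or group still needs changing.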