Enable SSL (LetsEncrypt)

  1. Home
  2. Knowledge Base
  3. Installation
  4. Enable SSL (LetsEncrypt)
  1. Home
  2. Knowledge Base
  3. Security
  4. Enable SSL (LetsEncrypt)

Add or check these settings. The config checker will do this for you.

g_ssl_per_domain "true"
g_ssl_auto "true"
g_webmail_port "80,7080" 

Then issue the command:

tellmail ssl_update

That’s it.

NOTE: It’s essential that you are running SurgeMail on port 80 and NOT some other web server!


But also check your other ssl settings are enabled:

g_ssl_allow "*" 
g_ssl_try_out "*" 
g_ssl_perfect "true"  

Requirements for Lets Encrypt.

  • SurgeMail version 7.3j2 or later
  • Your server must be accessable on port 80 directly to surgemail (not apache or IIS)
  • Each domains url_host setting must point at your server.
  • Ensure each domains ‘url_host’ setting is the name you want to use to refer to that domains server, typically mail.domain.name, e.g. for ‘fred.com’ you would usually use ‘mail.fred.com’, this dns entry must exist!

Forcing SSL connections

If you wish to force the use of SSL use the following settings:

# Block imap/pop/smtp logins without SSL enabled for all ip addresses.
g_ssl_require_login "*"
# Redirect users to the https url automatically.
g_url_redirect from=”http://*/surgeweb” to=”https://%1/surgeweb” ports=”80″
g_url_redirect from=”http://*/user.cgi” to=”https://%1/user.cgi” ports=”80″

IIS / Apache on the same system.

If you have IIS or Apache running on the same mail server, and it’s assigned port 80 then you need to define this setting so surgemail knows where to put the challenge file:

g_ssl_lets_path “c:\surgemail\wellknown”

And in IIS create a virtual path “.well-known” and map it to c:\surgemail\wellknown

Then on IIS add a file extension of type “.” with mime type text/xml

Linux/Apache

If you are running apache on port 80 then you can do this, correct the path to be whatever you have used for apache’s web path…

(In surgemail.ini add)

 G_SSL_LETS_PATH “/var/www/html/.well-known”

(Then)

  mkdir /var/www/html/.well-known/acme-challenge
   chown mail /var/www/html/.well-known/acme-challenge

Manual SSL certificates

Alternatively you may wish to configure ssl certificates Manually if so click here.

Was this article helpful?

Related Articles