[CentOS] Certificates

Sat Sep 1 10:31:55 UTC 2018
Pete Biggs <pete at biggs.org.uk>

> so - if you want to get certificates for an imap only server, you will
> have to setup an webserver for the challenge. or deal with your dns server.
Having just setup up some LetsEncrypt certificates on a CentOS server:

Certbot automates the process - if you have a webserver running, it
will use that; if you don't, it attaches a minimalistic web server to
port 80 to respond to the LetsEncrypt challenges. It's very, very easy.
(The challenges are purely to verify that you are the owner of the
domain you are asking for certificates for.)

The certificates it generates can be used for IMAP and SMTP as well.

certbot will automatically renew the certificates 2 weeks (I think)
before they expire - it does not need the web/dns challenges for
renewal. There are hooks in the process to put the renewed certificates
wherever you want, otherwise it puts them where your web server is
expecting them.