How to add a free valid SSL certificate to Kerio Connect mail server

SSL certificates have always been pricey stuff, but since Letsencrypt offered free valid SSL certificates, there is more excuse NOT to run HTTPS traffic on your site, in this case, mail server (webmail). The good part, you get a free valid ssl certificate, the bad part, ssl certificate is only valid for 90 days. So, let’s start. First, we need to install Letsencrypt:

git clone /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto --help

Now we need to create an actual certificate. In order for this step to be a success, you MUST stop both HTTP and HTTPS service in your Kerio Connect installation:

./letsencrypt-auto certonly --standalone -d mail.sefnet.local

Note that you need to replace mail.sefnet.local with your actual mail server address!

Now you can start HTTP and HTTPS services again. The next step should work on most Kerio Connect installations, unfortunately, it did not on mine, so I had to import certificate manually.

ln -s /etc/letsencrypt/live/mail.sefnet.local/fullchain.pem /opt/kerio/mailserver/sslcert/mail.crt
ln -s /etc/letsencrypt/live/mail.sefnet.local/privkey.pem /opt/kerio/mailserver/sslcert/mail.key

Now go to Kerio Connect admin panel and select SSL Certificates. If you can see your new certificate, you do not need to do anything else, otherwise, copy crt and key files out of your mail server, and then import them manually through the admin panel.

To renew SSL certificate just run the following command:

./letsencrypt-auto certonly --keep-until-expiring -d mail.sefnet.local

Remember to use the actual address of your mail server!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.