Let's Encrypt requires open port 80

Hi all,

Since Apple decided to break iOS 18 IMAP connections w/ self-signed certificates as issued by the UCS, I am looking for alternatives. So I tried the Let’s Encrypt App to learn that this requires port 80 to be open to get a certificate issued. I don’t want port 80 being open at all on my IMAP server. Any ideas how to solve this?

There seems to be no solution for that. I followed the solution for https://help.univention.com/t/ucs-4-change-port-that-umc-listens-on/2852 in order to improve security and opened the port as required (here I got other problems, which I will post separately).

If you have a firewall in front of your UCS, like pfSense or OPNsense, install the ACME client on your firewall and copy your certificate to your UCS server. Second idea: make a VM with your own Let's Encrypt, use a DNS challenge if your provider will allow it, copy your certificate via SFTP to your UCS, and restart the services.

Regards Ben
