Mini-Howto: Kopano IMAP & Let's Encrypt

kopano
dovecot
letsencrypt


With the availability of the Cool Solutions - Let’s Encrypt, I can continue on a project which I wanted to start with UCS 4.2 and Kopano.
As Apache and Postfix can be secured as described in the Wiki, we also have to make sure that other Kopano services are using the certificate and will also notice once a new certificate is installed.

There are 2 subdirectories in /etc/univention/letsencrypt which contain the scripts for setup and refresh of the certificates. I adapted the scripts for dovecot.

root@mail:/etc/univention/letsencrypt# cat setup.d/kopano-gateway
#!/bin/bash
. /usr/share/univention-lib/ucr.sh
DIR_LE="/etc/univention/letsencrypt"
if is_ucr_true letsencrypt/services/kopano-gateway ; then
        setfacl -m u:kopano:r "$DIR_LE/domain.key"
        ucr set \
                kopano/cfg/gateway/ssl_private_key_file="$DIR_LE/domain.key" \
                kopano/cfg/gateway/ssl_certificate_file="$DIR_LE/chained.pem"
fi
root@mail:/etc/univention/letsencrypt# cat post-refresh.d/kopano-gateway
#!/bin/bash
#
. /usr/share/univention-lib/ucr.sh

DIR_LE="/etc/univention/letsencrypt"

if is_ucr_true letsencrypt/services/kopano-gateway ; then
        invoke-rc.d kopano-gateway restart
fi

root@mail:/etc/univention/letsencrypt# ucr get letsencrypt/services/kopano-gateway
yes

Securing kopano-ical should work in the same way. (Hint: ucr search kopano/cfg/ical/ssl_ ).

EDIT: I omitted the steps on how to create the files, set permissions, create the UCRV and run the script, to make sure that people who want to use this will think about it first.
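Added example, not part of the original post: the setup script above grants the `kopano` account read access to `domain.key` with `setfacl`, so once several services share the key it is worth auditing who can read it. The function names and the allow-list passed to `audit_key` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit who can read the Let's Encrypt private key.
# Assumed usage: audit_key /etc/univention/letsencrypt/domain.key kopano

# Read `getfacl` text on stdin; arguments are the accounts allowed to hold
# a named-user entry. Prints each entry that is unexpected or grants more
# than read, and returns 1 if any was found.
acl_findings() {
    local tag user perms rest a ok rc=0
    while IFS=: read -r tag user perms rest; do
        # Only named-user entries matter here; "user::" is the file owner.
        if [ "$tag" != "user" ] || [ -z "$user" ]; then continue; fi
        perms=${perms%%[!rwx-]*}    # drop a trailing "#effective" comment
        ok=no
        for a in "$@"; do
            if [ "$a" = "$user" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "unexpected user: $user ($perms)"; rc=1
        elif [ "$perms" != "r--" ]; then
            echo "more than read: $user ($perms)"; rc=1
        fi
    done
    return $rc
}

# Return 0 only if the file exists and grants nothing to "other".
# Once an ACL is set, the group digit of the mode shows the ACL mask,
# so only the last digit is checked.
key_mode_ok() {
    local mode
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

# Combine both checks; the ACL check is skipped if getfacl is not installed.
audit_key() {
    local key=$1; shift
    key_mode_ok "$key" || { echo "missing or world-accessible: $key"; return 1; }
    if command -v getfacl >/dev/null 2>&1; then
        getfacl -c "$key" 2>/dev/null | acl_findings "$@" || return 1
    fi
    echo "ok: $key"
}
```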

