With the availability of the Cool Solutions - Let’s Encrypt I can continue on a project which I wanted to start with UCS 4.2 and Kopano.
As Apache and Postfix can be secured as described in the Wiki, we also have to make sure that other Kopano services are using the certificate and will also notice once a new certificate is installed.
There are 2 subdirectories in /etc/univention/letsencrypt which contain the scripts for setup and refresh of the certificates. I adapted the scripts for dovecot.
```
root@mail:/etc/univention/letsencrypt# cat setup.d/kopano-gateway
#!/bin/bash
. /usr/share/univention-lib/ucr.sh
DIR_LE="/etc/univention/letsencrypt"
if is_ucr_true letsencrypt/services/kopano-gateway ; then
    setfacl -m u:kopano:r "$DIR_LE/domain.key"
    ucr set \
        kopano/cfg/gateway/ssl_private_key_file="$DIR_LE/domain.key" \
        kopano/cfg/gateway/ssl_certificate_file="$DIR_LE/chained.pem"
fi
```
```
root@mail:/etc/univention/letsencrypt# cat post-refresh.d/kopano-gateway
#!/bin/bash
#
. /usr/share/univention-lib/ucr.sh
DIR_LE="/etc/univention/letsencrypt"
if is_ucr_true letsencrypt/services/kopano-gateway ; then
    invoke-rc.d kopano-gateway restart
fi
```
```
root@mail:/etc/univention/letsencrypt# ucr get letsencrypt/services/kopano-gateway
yes
```
Securing kopano-ical should work in the same way. (Hint: ucr search kopano/cfg/ical/ssl_).
EDIT: I omitted the steps how to create the files, set permissions, create the UCRV and run the script to make sure that people who want to use this will think about it first.
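As an added example that is not part of the original post: a check to run after a certificate refresh, confirming that the key is not exposed to other users, that the kopano ACL is in place, and that the gateway really serves the certificate now in chained.pem. The function names are hypothetical, and the host argument and port 993 (IMAPS) are assumptions about the local setup.

```shell
#!/bin/bash
# Added example: verify the result of the setup.d / post-refresh.d hooks.
DIR_LE="/etc/univention/letsencrypt"   # path taken from the post

# SHA-256 fingerprint of the first certificate in a PEM stream on stdin.
# For chained.pem that is the leaf; the intermediates that follow are ignored.
pem_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the certificate a TLS listener presents.
served_fingerprint() {   # usage: served_fingerprint HOST PORT
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | pem_fingerprint
}

# Succeeds only if "other" has no permission bits on the key file.
key_not_world_accessible() {   # usage: key_not_world_accessible FILE
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

check_gateway() {   # usage: check_gateway HOST [PORT]; 993 is an assumed port
    local host="$1" port="${2:-993}" disk live rc=0
    key_not_world_accessible "$DIR_LE/domain.key" \
        || { echo "FAIL: domain.key is accessible to other users"; rc=1; }
    # The ACL from setup.d should let the kopano user read the key.
    getfacl -p "$DIR_LE/domain.key" 2>/dev/null | grep -q '^user:kopano:r' \
        || { echo "FAIL: no read ACL for user kopano on domain.key"; rc=1; }
    disk=$(pem_fingerprint < "$DIR_LE/chained.pem")
    live=$(served_fingerprint "$host" "$port")
    if [ -n "$disk" ] && [ "$disk" = "$live" ]; then
        echo "OK: $host:$port serves the certificate in chained.pem"
    else
        echo "FAIL: $host:$port serves ${live:-nothing}, chained.pem is ${disk:-unreadable}"
        rc=1
    fi
    return $rc
}

# Run the check only when a host name is given on the command line.
if [ $# -gt 0 ]; then check_gateway "$@"; fi
```

A fingerprint mismatch right after a refresh means the gateway is still holding the old certificate in memory, which is the case the post-refresh.d restart is there to prevent.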