Guide - how to secure webmail subdomains not managed by keyhelp


Post by nobody »

As I've read some posts where people were asking to get a Let's Encrypt certificate for their subdomain webmail.yourdomain.com and nobody has posted a guide yet, you can read the following below:

1) Log in to the server via the CLI. On Windows/Mac you can download PuTTY (search for it on search engines: google.com, duckduckgo.com, etc.)
2) Install the certbot for apache with the command

Code:

sudo apt install certbot python3-certbot-apache

2b) Confirm (y)
3) Get the certificate with the command

Code:

certbot certonly -d webmail.yourdomain.com

4) Now it will ask "How would you like to authenticate with the ACME CA?", press 1) Apache Web Server plugin (apache)
5) If all went fine you'll have the certificate saved in /etc/letsencrypt/live/webmail.yourdomain.com/fullchain.pem
6) Open the file /etc/apache2/keyhelp/vhosts/yourdomain.conf with an editor (vim, nano, etc.) and paste the following at the end of the file (basically the same as in the file /etc/apache2/keyhelp/webmail.conf), replacing webmail.yourdomain.com with your subdomain

Code:

<VirtualHost *:443>
    ServerName webmail
    # Matches webmail.<any domain> on this server; the certificate below
    # covers only webmail.yourdomain.com.
    ServerAlias webmail.*

    SSLEngine On
    # Certificate chain and private key issued by certbot in step 3
    SSLCertificateFile          /etc/letsencrypt/live/webmail.yourdomain.com/fullchain.pem
    SSLCertificateKeyFile       /etc/letsencrypt/live/webmail.yourdomain.com/privkey.pem

    UseCanonicalName Off
    DocumentRoot /home/keyhelp/www/webmail
    LogLevel warn
    CustomLog "${APACHE_LOG_DIR}/keyhelp/access.log" combined
    ErrorLog "${APACHE_LOG_DIR}/keyhelp/error.log"

    <FilesMatch \.php$>
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:unix:/run/php/keyhelp_keyhelp.socket|fcgi://keyhelp_keyhelp.socket"
        </If>
    </FilesMatch>

    # Set some proxy properties (the string "unique-domain-name-string" should match
    # the one set in the FilesMatch directive).
    <Proxy fcgi://keyhelp_keyhelp.socket>
        ProxySet connectiontimeout=5 timeout=120
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    <Directory "/home/keyhelp/www/webmail">
        Require all granted
        AllowOverride All
    </Directory>
</VirtualHost>
7) After that restart the server
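
A pre-restart check for the block pasted in step 6, added here as an example (not part of the original post, and not KeyHelp or certbot code): it confirms that the port-443 vhost answers for your hostname and that both certificate paths exist under the certbot directory named after it, which catches a leftover webmail.yourdomain.com placeholder. The function names are hypothetical, and it assumes the certificate name equals the hostname, as in step 5.

```sh
#!/bin/sh
# Added example, not KeyHelp or certbot code. Run as root: /etc/letsencrypt/live
# is readable by root only. Usage: sh check_vhost.sh <vhost.conf> <hostname>

# Print "Directive value" pairs found inside <VirtualHost ...:443> blocks.
# Assumes directives are spelled as in the guide (Apache itself ignores case).
vhost_directives() {
    awk '
        $1 ~ /^#/                               { next }
        $1 == "<VirtualHost" && $NF ~ /:443>$/  { inside = 1; next }
        $1 == "</VirtualHost>"                  { inside = 0; next }
        inside && $1 ~ /^(ServerName|ServerAlias|SSLCertificateFile|SSLCertificateKeyFile)$/ {
            for (i = 2; i <= NF; i++) { v = $i; gsub(/"/, "", v); print $1, v }
        }' "$1"
}

# Return 0 if hostname $1 matches name pattern $2 (shell globbing stands in
# for the * and ? wildcards Apache accepts in ServerAlias).
name_matches() {
    case "$1" in
        $2) return 0 ;;
    esac
    return 1
}

# Return 0 only if the port-443 vhost in $1 answers for hostname $2 and both
# certificate files exist under a certbot lineage named after that hostname.
check_webmail_vhost() {
    conf=$1; host=$2; problems=0; matched=0
    directives=$(vhost_directives "$conf")
    while read -r key value; do
        case "$key" in
            ServerName|ServerAlias)
                if name_matches "$host" "$value"; then matched=1; fi ;;
            SSLCertificateFile|SSLCertificateKeyFile)
                case "$value" in
                    */live/"$host"/*) ;;
                    *) echo "FAIL: $key $value is not under live/$host/"
                       problems=$((problems + 1)) ;;
                esac
                [ -r "$value" ] || { echo "FAIL: $value is not readable"
                                     problems=$((problems + 1)); } ;;
        esac
    done <<EOF
$directives
EOF
    [ "$matched" -eq 1 ] || { echo "FAIL: no ServerName/ServerAlias matches $host"
                              problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}

if [ "$#" -eq 2 ]; then check_webmail_vhost "$1" "$2"; fi
```

Running `apachectl configtest` before step 7 as well catches syntax errors, which this script does not look for.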

Re: Guide - how to secure webmail subdomains not managed by keyhelp

Post by 24unix »

nobody wrote: Fri 13. Jan 2023, 22:53 On windows/ mac you can download putty
That thing is burned forever, as it is a toy for children "admins" using Windows.
nobody wrote: Fri 13. Jan 2023, 22:53 Install the certbot for apache
Very stupid idea, as KeyHelp has its own ACME client.
Regards, Micha
--
If Bill Gates had a nickel for every time Windows crashed …
… oh wait, he does.

Re: Guide - how to secure webmail subdomains not managed by keyhelp

Post by nobody »

24unix wrote: Sat 14. Jan 2023, 01:58 That thing is burned forever, as it is a toy for children "admins" using Windows.
So can you suggest some better tool for Windows/Mac users instead of criticizing?
24unix wrote: Sat 14. Jan 2023, 01:58 Very stupid idea, as KeyHelp has its own ACME client
Same as above: suggest something better for future users searching for an automated solution using Let's Encrypt on webmail.domain.com.
Certbot is ok for webmail.domain.com which (it seems) ACME keyhelp can't do.
For other domains ACME keyhelp is fine.

I just posted a possible solution to get an SSL for webmail.domain.com and nobody posted any real solution.

Re: Guide - how to secure webmail subdomains not managed by keyhelp

Post by Tobi »

Thank you nobody!



@24unix

You really don't have to spam every thread with your Windows aversion. Please restrain yourself.

Of course you can install certbot in parallel to KeyHelp. They use different certification methods, but the result is that you always get a valid certificate. certbot and KeyHelp don't get in each other's way either.
Regards,
Tobi


-----------------------------
wewoco.de
The forum for resellers, digital agencies, screen workers and mouse pushers

Re: Guide - how to secure webmail subdomains not managed by keyhelp

Post by technotravel »

nobody wrote: Sat 14. Jan 2023, 07:00
24unix wrote: Sat 14. Jan 2023, 01:58 That thing is burned forever, as it is a toy for children "admins" using Windows.
So can you suggest some better tool for windows/ mac users instead of criticizing?
When on Windows, I definitely prefer Bitvise over PuTTY - can do all that PuTTY does, but with a nice and comfortable GUI.
Dear French speakers, I am translating KeyHelp into French. If there are errors or suggestions for improvement, do not hesitate to contact me!
(I am translating KeyHelp into French)