Guide - how to secure webmail subdomains not managed by keyhelp
Posted: Fri 13. Jan 2023, 22:53
As I've read some posts where people were asking how to get a Let's Encrypt certificate for their subdomain webmail.yourdomain.com and nobody has posted a guide yet, you can read the following below:
1) Log in to the server via the CLI. On Windows/Mac you can download PuTTY (search for it on a search engine: google.com, duckduckgo.com, etc.)
2) Install certbot for Apache with the command
Code:
sudo apt install certbot python3-certbot-apache
2b) Confirm (y)
3) Get the certificate with the command
Code:
certbot certonly -d webmail.yourdomain.com
4) Now it will ask "How would you like to authenticate with the ACME CA?", press 1) Apache Web Server plugin (apache)
5) If all went fine you'll have the certificate saved in /etc/letsencrypt/live/webmail.yourdomain.com/fullchain.pem
6) Open the file /etc/apache2/keyhelp/vhosts/yourdomain.conf with an editor (vim, nano, etc.) and paste the following at the end of the file (basically the same as in the file /etc/apache2/keyhelp/webmail.conf), replacing webmail.yourdomain.com with your subdomain
Code:
<VirtualHost *:443>
    ServerName webmail
    ServerAlias webmail.*

    # TLS with the Let's Encrypt certificate obtained in step 3
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/webmail.yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/webmail.yourdomain.com/privkey.pem

    UseCanonicalName Off
    DocumentRoot /home/keyhelp/www/webmail

    LogLevel warn
    CustomLog "${APACHE_LOG_DIR}/keyhelp/access.log" combined
    ErrorLog "${APACHE_LOG_DIR}/keyhelp/error.log"

    # Hand existing .php files to the KeyHelp PHP-FPM socket
    <FilesMatch \.php$>
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:unix:/run/php/keyhelp_keyhelp.socket|fcgi://keyhelp_keyhelp.socket"
        </If>
    </FilesMatch>

    # Set some proxy properties (the string "unique-domain-name-string" should match
    # the one set in the FilesMatch directive).
    <Proxy fcgi://keyhelp_keyhelp.socket>
        ProxySet connectiontimeout=5 timeout=120
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    # (rewrite rules are not inherited by a virtual host, so enable the engine here)
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    <Directory "/home/keyhelp/www/webmail">
        Require all granted
        AllowOverride All
    </Directory>
</VirtualHost>
7) After that restart the server
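A pre-restart check for the two files the vhost above points at, as an added example that is not part of the original post: it confirms that fullchain.pem covers the webmail hostname, is not about to expire, and pairs with privkey.pem, since a mismatch makes Apache refuse to start. The function names `check_webmail_cert` and `make_sample_live_dir` and the 14-day threshold are assumptions made for this example; the sample certificate is constructed and self-signed.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the files named by SSLCertificateFile and
# SSLCertificateKeyFile before restarting Apache (step 7).
# Usage: check_webmail_cert <live-dir> <hostname> [min-days-left]
check_webmail_cert() {
    local dir="$1" host="$2" min_days="${3:-14}"
    local cert="$dir/fullchain.pem" key="$dir/privkey.pem"

    # Both files referenced in the vhost must exist and be readable.
    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing $cert or $key" >&2; return 1; }

    # The leaf certificate (first one in fullchain.pem) must name the host.
    # -checkhost reports the result as text, so match on its output.
    openssl x509 -in "$cert" -noout -checkhost "$host" \
        | grep -q 'does match certificate' \
        || { echo "certificate does not cover $host" >&2; return 2; }

    # Reject a certificate that expires within min_days days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires in under $min_days days" >&2; return 3; }

    # Certificate and private key must carry the same public key.
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "privkey.pem does not match fullchain.pem" >&2; return 4; }
    return 0
}

# Constructed sample input for an offline dry run: a self-signed certificate for
# a placeholder name, laid out like /etc/letsencrypt/live/<name>/.
make_sample_live_dir() {
    local dir="$1" host="$2" days="${3:-90}"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null
}
```

On the server, run it as root (the live directory is not world-readable), for example `check_webmail_cert /etc/letsencrypt/live/webmail.yourdomain.com webmail.yourdomain.com`, and restart only if it returns 0.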