As Let’s Encrypt is probably the best thing happening to the internet for the last decade or two, I wanted to use the certificates with a Kerio Connect installation at a customer. The software documentation advises you to copy and paste the certificate information via their admin web interface. Let’s Encrypt certificates expire every 90 days, so that’s just not an option for a lazy (read: productive, smart) system administrator. The instance is running on Ubuntu Linux 14.04 LTS and performed flawless so far. Here’s how you do it.
Install Let’s Encrypt
Create the Certificate
Turn off the HTTP and HTTPS services in the admin panel. It won’t work without them disabled or running on non-standard ports. If you want to renew the certificates automatically, you should think about changing the ports permanently.
If you’re running this the first time, you’ll need to enter your email address for emergency usage like revoking a certificate. This only needs to be done once.
Congratulations, you now have a valid SSL certificate on your server.
Actually Using the Certificate
To make renewal easy, just link the created certificates to the appropriate folder inside the Kerio Connect hierarchy.
Now open the admin panel, select
Configuration > SSL Certificates and see your certificate appear. Select it and set is as active.
You may want to put this in a
cronjob to run every 30 days or so. If the certificate is close to expiring, it will be renewed automatically, otherwise it will be kept until the next run.
If you’re still running an unsecured mail server, now is the time to change that. It will cost you about 15 minutes and you probably will never have to worry about it again.