Back to Community Threads
Using Let's Encrypt Certificates for TLS
Question asked by Rafael Grecco - 10/7/2020 at 7:33 AM
Answered
R
Hi,

I just configured a new server (homologation environment) with all security protocols enabled - HTTPS, DKIM, DMARC and TLS.

I would like your input if DMARC is worth using or not. I've read that there are a lot of problems with it. Do you guys use it?

I also would like to know if any of you have experience using Lets Encrrypt for TLS. I use Lets Encrypt with "Certify The Web" software to automate the renewing process. It works wonderfully for ISS.

So I used the same certificate to enable TLS. I followed these steps: Open MMC -> Export certificate issued by Lets Encrypt to some folder -> Configured Smartermail's bindings to use that certificate.

Eveything is working flawlessly, but my question is if I have to repeat this manual process every time the certificate is renewed.

If so, is there a way to automate this process?

Thank you!
Robert Simpson Replied
10/7/2020 at 12:02 PM
I created a Scheduled Task that runs once a day, which exports the TLS cert to a PFX file that SM points to for TLS/SSL encryption.
That way the Certify the Web app is renewing every 30 days or so, and this scheduled task automates the export to file.
Heimir Eidskrem Replied
10/7/2020 at 12:20 PM
Would you mind posting your script for the export??
Robert Simpson Replied
10/7/2020 at 12:29 PM
Marked As Answer
The Task Scheduler executes a .bat file that looks like this:
Powershell.exe -executionpolicy remotesigned -File C:\Smartermail\ExportCert.ps1
The Powershell script looks like this:
//* MAKE SURE to modify the 3 areas that require it: mail domain, password and path to the PFX on your server 

(Get-ChildItem -Path cert:\LocalMachine\My |
Where-Object {$_.Subject -match "mail.mydomain.com"} |
Sort-Object -Property NotAfter -Descending |
Select-Object -first 1) | Foreach-Object {&certutil.exe @('-exportpfx', '-f', '-p','mypassword',$_.Thumbprint, "C:\SmarterMail\mail.mydomain.com.pfx")}
R
Rafael Grecco Replied
10/7/2020 at 1:18 PM
Robert, thank you very much!
Heimir Eidskrem Replied
10/7/2020 at 1:49 PM
Thank you so much Robert.
I setup letsencrypt using win-acme.
Needed to create the export and was looking for a script.
Perfect timing...

H.
Kyle Kerst Replied
10/7/2020 at 3:30 PM
Employee Post
I am happy to hear you were able to get this resolved. For future reference this process is detailed in the following KB article: 


Once set up the certificate renewal, export, and binding should all be automated using those steps. I do recommend you check in on this process periodically to ensure things are running smoothly.
Kyle Kerst
Lead Internal Network/System Administrator
SmarterTools Inc.
Heimir Eidskrem Replied
10/7/2020 at 3:35 PM
Thanks Kyle,
Very helpful and great timing.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
Configure SSL/TLS to Secure SmarterMailSmarterMail > Server Configuration and Management
Google Safe Browsing Warning and SmarterMailSmarterMail > Troubleshooting
SmarterMail, LDAP, and Active DirectorySmarterMail > Server Configuration and Management
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management