Keyhelp - cum poti sa faci ca accesul la mail sa fie securizat

[GiBi]

activarea unui certificat letsencrypt pentru subdomeniul webmail:

As i've read some posts were people asking to get a let's encrypt certificate for their subdomain webmail.yourdomain.com and nobody have posted a guide yet, you can read the following below:

1) Login to the server via the CLI. On windows/ mac you can download putty (search for it on search engines. google.com, duckduckgo.com, ecc.)
2) Install the certbot for apache with the command
sudo apt install certbot python3-certbot-apache
2b) Confirm (y)
3) Get the certificate with the command
certbot certonly -d webmail.yourdomain.com
4) Now it will ask "How would you like to authenticate with the ACME CA?", press 1) Apache Web Server plugin (apache)
5) If all went fine you'll have the certificate saved in /etc/letsencrypt/live/webmail.yourdomain.com/fullchain.pem
6) open the file /etc/apache2/keyhelp/vhosts/yourdomain.conf with an editor (vim, nano, ecc.) and paste the following at the end of the file (basically the same as in the file /etc/apache2/keyhelp/webmail.conf), replacing webmail.yourdomain.com with your subdomain

<VirtualHost *:443>
    ServerName webmail
    ServerAlias webmail.*
    
    SSLEngine On
    SSLCertificateFile          /etc/letsencrypt/live/webmail.yourdomain.com/fullchain.pem
    SSLCertificateKeyFile       /etc/letsencrypt/live/webmail.yourdomain.com/privkey.pem
    
     UseCanonicalName Off
        DocumentRoot /home/keyhelp/www/webmail
      LogLevel warn
    CustomLog "${APACHE_LOG_DIR}/keyhelp/access.log" combined
    ErrorLog "${APACHE_LOG_DIR}/keyhelp/error.log"


    <FilesMatch \.php$>
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:unix:/run/php/keyhelp_keyhelp.socket|fcgi://keyhelp_keyhelp.socket"
        </If>
    </FilesMatch>

    # Set some proxy properties (the string "unique-domain-name-string" should match
    # the one set in the FilesMatch directive.
    <Proxy fcgi://keyhelp_keyhelp.socket>
        ProxySet connectiontimeout=5 timeout=120
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    <Directory "/home/keyhelp/www/webmail">
        Require all granted
        AllowOverride All
    </Directory>
</VirtualHost>

 

[Criss]

Vezi ca nu merge ok... adica merge, dar Keyhelp nu mai are fisiere .conf pentru fiecare domeniu, le pune pe toate la gramada. Ok, adaugi intrarile in care specifici certificatele pentru subdomeniul webmail. dar daca dupa aceea adaugi un domeniu nou in keyhelp, acesta va rescrie fisierul pt vhosts si pierzi tot ce adaugasesi acolo pentru webmail, trebuie sa le adaugi din nou.

Nu stiu de ce face chestia asta Keyhelp, zici ca intentionat nu pune SSL pe subdomeniul de webmail.