Can Abyss create Let's Encrypt Certificates for SMTP etc. ?

DavidQ

Hi,
I would like to create Let's Encrypt certificates for URLs which are not served directly by Abyss e.g. smtp.exampledomain.co.uk for my smtp server software which runs on the same Windows PC as Abyss.
Is this possible?
Thanks,
David

admin

DavidQ,
This is possible and the latest version of 2.12.1 has a relatively "hidden" feature to make exporting the retrieved certificate possible.
All you have to do is to configure a Web host with that name and set it to get its certificate from Let's Encrypt. The Web host needs only to have an empty directory and no files.
Next, in the console, select "Configure" associated with the host, next "General", next "Edit" in "Advanced Parameters", next "Edit" in "SSL/TLS Parameters", next "Edit" in "ACME Parameters", next "Edit" in "Advanced Parameters".
Two fields in that last screen are displayed:
* "Path of the private key file copy (updated upon each renewal)"
* "Path of the certificate file copy (updated upon each renewal)"
The two fields could be configured with paths where the files (cert and private key) will be saved after each renewal of the certificate from Let's Encrypt.
You can then point your other software (the SMTP server for example) to these two files to use them as its cert and private key files.
We'll be waiting for your feedback.

DavidQ

Thanks for your assistance, I would appreciate some clarification.
First, (if I understand this correctly) if I want a separate certificate exported for smtp etc. then I need to set up a new host called smtp.exampledomain.co.uk then set its configuration values to...
Protocol : HTTP+HTTPS
HTTP Port : Default HTTP Port (80)
HTTPS Port : Default HTTP Port (443)
Which enables me to select a certificate type as follows...
Certificate Type : From an ACME Account
ACME Account : LE Account
The end result creates a new host called http://smtp.exampledomain.co.uk
Is that right? http://smtp... doesn't seem correct somehow?
Second, I am unclear as to what the values should be for...
* "Path of the private key file copy (updated upon each renewal)"
* "Path of the certificate file copy (updated upon each renewal)"
Do I need to copy a file from somewhere as a default value?
Could you please provide an example?
Thirdly, if I simply add the smtp.exampledomain.co.uk to my existing www.exampledomain.co.uk Abyss host configuration, does Abyss/Let's Encrypt include the smtp.exampledomain.co.uk as an extra certificate component in the existing certificate that is created for www.exampledomain.co.uk (the www certificate that gets stored in the Abyss kcstore folder) ? Thereby effectively making a single certificate containing multiple sub-domains?
I will look forward to your reply.
Many Thanks,
David

admin

(We're already exchanging with DavidQ about this topic by email. We are reposting here our replies in case other users need the same feature.)
Regarding the example for the paths, simply create a directory inside your hard drive (for example C:\mycerts) and configure each of the paths to C:\mycrerts\cert1.pem (for storing the certificate) and c:\mycerts\key1.pem (for storing the private key.)
So each change or update of the certificate from Let's Encrypt will result in both these files updated. You can then point the SMTP server to use both these files for the SSL configuration.
Regarding the use of other names, this is possible and is actually a great workaround to reduce the number of certificates and hosts. So you could associate several names with the main host and use the certificate for both the Web host and the SMTP host.