<div dir="ltr">_)Dear Micheal<div><br></div><div>Sorry, I confirm the server is 5107R with Centos 6.5/32Bit</div><div>For this ver 5107R, Server Management > Security > SSL is using for webUI, sendmail and dovecot ?</div><div><br></div><div>But i using this for WebUI and sendmail, but still not working for ssendmail, we using <span style="background-color:rgb(239,240,241);color:rgb(36,39,41);font-family:Consolas;font-size:9.75pt">cat server.crt server.key > server.pem to gen the server cert, is correct?(work for UI but not sendmail)</span></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Nov 7, 2018 at 2:51 PM Michael Stauber <<a href="mailto:mstauber@blueonyx.it">mstauber@blueonyx.it</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Mon Chan,<br>
<br>
> We planing buy to cert for BX5207R (Centos 6.5/32Bit) and install the<br>
> new cert to test, the cert register at <a href="http://www.sslforfree.com" rel="noreferrer" target="_blank">www.sslforfree.com</a><br>
> <<a href="http://www.sslforfree.com" rel="noreferrer" target="_blank">http://www.sslforfree.com</a>>(<a href="http://letsencrypt.org" rel="noreferrer" target="_blank">letsencrypt.org</a> <<a href="http://letsencrypt.org" rel="noreferrer" target="_blank">http://letsencrypt.org</a>>)<br>
> BX admin and dovecot is success install the cert.<br>
> <br>
> But the sendmail TLS/SSL services is NOT working. and show the error at<br>
> below.(465 and 587 is same error.)<br>
> and we just update <a href="http://sendmail.mc" rel="noreferrer" target="_blank">sendmail.mc</a> <<a href="http://sendmail.mc" rel="noreferrer" target="_blank">http://sendmail.mc</a>> and make all after<br>
> edit. <br>
> <br>
> Anyone can help this issue?<br>
The ability to request Let's Encrypt Certificates is built into the<br>
BlueOnyx GUI interface.<br>
<br>
You can request LE-certs for individual Vsites as well as one for the<br>
GUI interface itself. The one for the GUI interface is then *also* used<br>
for Dovecot and Sendmail.<br>
<br>
The request, install and renewal is all handled by the GUI and no<br>
fiddling with config files is required.<br>
<br>
Your changes to the Sendmail config are counter-productive, as you're<br>
swapping our pretty secure ciphers and protocols to some that are more<br>
or less garbage.<br>
<br>
My recommendation would be to roll these modifications back and to use<br>
the GUI to request an SSL certificate for the GUI. See "Server<br>
Management" / "Security" / "SSL" and then click on the "Let's Encrypt"<br>
button.<br>
<br>
-- <br>
With best regards<br>
<br>
Michael Stauber<br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it" target="_blank">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" rel="noreferrer" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</blockquote></div>