Since DirectAdmin 1.52.0, users can have their own SSL/TLS certificates installed for their domains in the SMTP, POP and IMAP servers as well as in the web server. Get your own SSL cert for mail.domain.com and secure connections to your mailboxes with our guide.
Mobile phones and other network devices require SSL/TLS-encrypted connections to work with IMAP, POP and SMTP servers, and by default they connect to mail.domain.com (domain.com is just an example here). If your server hosts more than one domain, a connection might be dropped as not trusted. Until now, the only certificate available in Exim was the default one, installed server-wide and created for the server's hostname.
Find out the DirectAdmin version (the command is shown with example output):
[root@server ~]# /usr/local/directadmin/directadmin v
Version: DirectAdmin v.1.52.0
Find out the exim.conf version (the command is shown with example output):
[root@server ~]# head /etc/exim.conf -n1
# SpamBlockerTechnology* powered exim.conf, Version 4.5.7
Find out the OpenSSL version (the command is shown with example output):
[root@server ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
Find out the CustomBuild version (the command is shown with example output):
[root@server ~]# /usr/local/directadmin/custombuild/build version
2.0.0 (rev: 1734)
After you have made sure that you meet the requirements, run the following commands as root in a console:
echo "mail_sni=1" >> /usr/local/directadmin/conf/directadmin.conf
service directadmin restart
You can check the result with:
/usr/local/directadmin/directadmin c | grep sni
You should see output like the following:
[root@server ~]# /usr/local/directadmin/directadmin c | grep sni
enable_ssl_sni=1
mail_sni=1
[root@server ~]#
If the output of the commands is very different, it is probably because an older DirectAdmin version is installed on your server.
Important: if you use custom versions of exim.conf and/or dovecot.conf, you might lose your customizations if you follow this guide.
Now we need to allow DirectAdmin to install the Dovecot and Exim configs and update them to the latest available versions:
cd /usr/local/directadmin/custombuild
./build clean
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
./build exim_conf
./build dovecot_conf
Check the results with:
grep ^tls_ /etc/exim.variables.conf --color
You should see output like the following (long lines are shortened here for easier reading):
tls_certificate=${if exists{/etc/virtual/snidomains}... skipped... {/etc/exim.cert}}}{/etc/exim.cert}}
tls_privatekey=${if exists{/etc/virtual/snidomains}... skipped... {/etc/exim.key}}}{/etc/exim.key}}
tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:... skipped... :DES-CBC3-SHA:!DSS
If you want all live SSL domains to have their Dovecot/Exim configs rewritten, run:
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
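Once the configs are rewritten, it is worth confirming that each mail service presents the domain's own certificate rather than the server-wide one when a client sends mail.domain.com as the SNI name. The script below is an added example, not part of the original guide or of DirectAdmin; it assumes the standard ports 465, 587 (STARTTLS), 993 and 995, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the standard mail ports
# 465/587/993/995 and the mail.<domain> naming used on this page.

# san_matches NAME SAN_LINE: succeed if NAME is covered by a DNS entry in a
# "DNS:a, DNS:*.b" line; a wildcard covers exactly one left-most label.
san_matches() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    sans=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' \t' | tr ',' '\n')
    while IFS= read -r entry; do
        entry=${entry#dns:}
        if [ "$entry" = "$name" ]; then return 0; fi
        rest=${name#*.}
        case $entry in
            \*.*) if [ "$rest" != "$name" ] && [ "$rest" = "${entry#\*.}" ]; then
                      return 0
                  fi ;;
        esac
    done <<EOF
$sans
EOF
    return 1
}

# cert_sans HOST PORT [PROTO]: print the SAN line of the certificate the server
# presents when HOST is sent as the SNI name (PROTO enables STARTTLS).
cert_sans() {
    openssl s_client -connect "$1:$2" -servername "$1" ${3:+-starttls $3} \
        </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n1
}

# check_mail_sni DOMAIN: report per port whether mail.DOMAIN gets its own cert.
check_mail_sni() {
    rc=0
    for target in 465: 587:smtp 993: 995:; do
        port=${target%%:*}
        found=$(cert_sans "mail.$1" "$port" "${target#*:}")
        if san_matches "mail.$1" "$found"; then
            echo "OK   mail.$1:$port"
        else
            echo "FAIL mail.$1:$port presented: ${found:-no certificate}"
            rc=1
        fi
    done
    return $rc
}

if [ "$#" -ge 1 ]; then check_mail_sni "$1"; fi
```

Run it with the domain as the only argument, for example `sh check_mail_sni.sh domain.com` (the file name is arbitrary). A FAIL line that lists only the server's hostname means that port is still serving the default certificate.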
More information: