[SOLVED]How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Discussion forum for Enterprise Edition.
Post Reply
poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

[SOLVED]How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

Due to Let's Encrypt maximum 100 domain per SAN/UCC certificate limitation, in order to host 101-200th SSL, we need to create a new webmail instance of "MailEnable Webmail" in IIS.

Shall I do this manually or can I utilize the ME Admin Console or Installation program? I read somewhere saying special permission needs to be setup for IME_SYSTEM and IME_ADMIN during the creation of the new instance.

Many thanks again in advance.
Last edited by poweredge on Mon Jun 28, 2021 9:54 am, edited 1 time in total.

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

Anyone pls? Thx

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

I wonder if we can ultilize the feature Provision in order to create another Webmail Instance in IIS?
1.jpg
1.jpg (98.89 KiB) Viewed 19775 times

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

May I know how to do this please? Thanks.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by MailEnable-Ian »

Hi,

You don't need to create a new custom web mail website. You need to add host header bindings under the MailEnable Webmail website and bind each host header to the relevant SSL certificate.

https://www.mailenable.com/documentation/10.0/Enterprise/Publishing%20via%20host%20headers%20or%20virtual%20directories.html
Regards,

Ian Margarone
MailEnable Support

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

Thanks, I understand that part, but my question is related to Let's Encrypted per SAN/UCC SSL maximum 100 domain restriction, ie, you cannot add the 101th SSL to the same IIS instance.

In order to solve that, we need to create a new IIS instance for webmail, then we can add another Let's Encrypt 100 SAN SSL. (ie, 101-200)

Hence it was my asked question, could you kindly share what's the proper procedure to create the new IIS instance for webmail please?

Many thanks again.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by MailEnable-Ian »

Hi,

So your saying that you are not able to bind more than one Lets Encrypt certificate to a website under IIS if that one certificate exceeds the 100 domain restriction? You can create a new website and point the path to the "Mail Enable\BIN\NetWebmail" folder and set the application pool for the site to be "MailEnableAppPool". The identity for the site needs to run under the IME_USER account and therefore you will need to know the password for this account. If you don't then you will need to reset it using the "meinstaller.exe" utility (option 2) and note down the password you set. The issue here is that we don't support custom websites and therefore when you upgrade to a newer version of MailEnable it may stop the custom website from working.
Regards,

Ian Margarone
MailEnable Support

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

Many thanks for your reply.

Is it possible we simply reset the password in Windows Computer Managment for IME_USER account, and then reset the password again in default ME Webmail Application pool and IIS Instance?

Btw, I found IIS Instance and Application pool uses IME_ADMIN instead of IME_USER somehow. (Pls kindly confirm)

So all I need to do is to change the password for IME_ADMIN for IIS Web site Authentication and IIS Application Pool Process Identity and my default webmail will still work right?

Thanks
2.jpg
2.jpg (74.54 KiB) Viewed 19632 times
1.jpg
1.jpg (151.73 KiB) Viewed 19632 times

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

Just pop up in my mind, could be The Solution after all, that no need to create an new IIS Instance.

I wonder if W2K2019 IIS 10 supports multiple SAN/UCC SSL certificates on default ME Webmail Instance with SNI (Server Name Indication)?

So simply select the 101-200 SAN/UUC SSL Cert. from the drop down manual.

As I just realize again that SSL Certificate is selectable under binding option when browsing google for answer.
Figure154.jpg
Figure154.jpg (16.86 KiB) Viewed 19631 times

I haven't tested it, but I think it should work, but how to integrate WIN-ACME with Let's Encrypt automation for this situation is another difficult one. :lol:
Last edited by poweredge on Mon Jun 28, 2021 9:53 am, edited 1 time in total.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by MailEnable-Ian »

Hi,

Yes, that what I was referring to earlier. Create host header bindings under the MailEnable Webmail website and then bind each SSL certificate for each host header binding using the SNI option.
Regards,

Ian Margarone
MailEnable Support

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

MailEnable-Ian wrote:
Mon Jun 28, 2021 12:09 am
Hi,

Yes, that what I was referring to earlier. Create host header bindings under the MailEnable Webmail website and then bind each SSL certificate for each host header binding using the SNI option.
:) Many thanks again :)

naikmanish
Posts: 24
Joined: Tue Aug 01, 2017 9:31 pm

Re: [SOLVED]How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by naikmanish »

Greetings,

Can you not use something like this to automate a per site deployment, only once. Eventually, everything including the IIS mappings would be done by this tool.

I am using this for a small server of about 10-12 domains and it is working fine. It is free for smaller servers, but you could buy the bigger version with unlimited domains support.

https://certifytheweb.com/

Just my thoughts

Thank you

Manish Naik

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: [SOLVED]How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

naikmanish wrote:
Tue Jul 13, 2021 7:24 am
Greetings,

Can you not use something like this to automate a per site deployment, only once. Eventually, everything including the IIS mappings would be done by this tool.

I am using this for a small server of about 10-12 domains and it is working fine. It is free for smaller servers, but you could buy the bigger version with unlimited domains support.

https://certifytheweb.com/

Just my thoughts

Thank you

Manish Naik
I can assure you that even up to 100 domain SSN/UCC wildcard domain SSL is working, I've answered your question in the other post that solved the mysterious problem of your newly generated cert won't work.

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: [SOLVED]How to create a new IIS Instance of "MailEnable Webmail" for Webmail?

Post by poweredge »

naikmanish wrote:
Tue Jul 13, 2021 7:24 am
Greetings,

Can you not use something like this to automate a per site deployment, only once. Eventually, everything including the IIS mappings would be done by this tool.

I am using this for a small server of about 10-12 domains and it is working fine. It is free for smaller servers, but you could buy the bigger version with unlimited domains support.

https://certifytheweb.com/

Just my thoughts

Thank you

Manish Naik
Fyi, Let's Encrypt support SAN/UCC multi-domain certificate.

The reason is if I create a ssl cert for each domain, then I need to copy each cert to Personal store, which is just too trouble some, as for SAN cert (upto 100 domains), I only need to manually copy it once to the Personal store.

Not to mention removed the old cert manually.

or the above can be done automatically by scripting? any example please? Thanks.

Post Reply