Autogenerated SSL using LetsEncrypt and Mailenable Issue

Discussion forum for Enterprise Edition.
MailEnable-Ian
Site Admin
Posts: 9547
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by MailEnable-Ian » Sun Aug 15, 2021 11:38 pm

Hi,

If you renew the certificate and a new one is generated in the certificate store MailEnable does not know about this and yes you need to manually select it in the SSL dropdown list and ensure to restart all the MailEnable services.
Regards,

Ian Margarone
MailEnable Support

poweredge
Posts: 125
Joined: Sat May 29, 2021 11:16 am

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by poweredge » Mon Aug 16, 2021 8:18 am

MailEnable-Ian wrote:
Sun Aug 15, 2021 11:38 pm
Hi,

If you renew the certificate and a new one is generated in the certificate store MailEnable does not know about this and yes you need to manually select it in the SSL dropdown list and ensure to restart all the MailEnable services.
Many thanks again.

That means we just have to manually do it every 3 months.

1. Select the renewed certificate
2. Restart all ME services

ShawnKHall
Posts: 113
Joined: Wed Apr 06, 2005 12:03 am
Location: California, USA
Contact:

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by ShawnKHall » Tue Aug 24, 2021 5:02 am

poweredge wrote: That means we just have to manually do it every 3 months.
Actually, while the certificates are created for 3 months, you're supposed to renew them 30 days early, so you should do it every two months.

As for copying them to the Personal store, this powershell script will do that for you:

Code: Select all

$mypwd = ConvertTo-SecureString -String 'CHANGEME' -Force -AsPlainText;
Get-ChildItem -Path cert:\localMachine\WebHosting | 
where {($_.NotAfter -gt (GET-DATE))} | 
foreach {
	$pfxpath="Q:\CHANGEME\$($_.Thumbprint).pfx";
	echo "Exporting '$($_.Subject)' to '$pfxpath'";
	Export-PfxCertificate -cert $_ -Force -FilePath $pfxpath -Password $mypwd;
	Import-PfxCertificate -CertStoreLocation cert:\localMachine\My -FilePath $pfxpath -Password $mypwd;
}
Be sure to change the password and temporary export path.

Permissions might still be a problem, but I'm sure that can be resolved automatically, too.
-Shawn

poweredge
Posts: 125
Joined: Sat May 29, 2021 11:16 am

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by poweredge » Tue Aug 24, 2021 3:51 pm

ShawnKHall wrote:
Tue Aug 24, 2021 5:02 am
poweredge wrote: That means we just have to manually do it every 3 months.
Actually, while the certificates are created for 3 months, you're supposed to renew them 30 days early, so you should do it every two months.

As for copying them to the Personal store, this powershell script will do that for you:

Code: Select all

$mypwd = ConvertTo-SecureString -String 'CHANGEME' -Force -AsPlainText;
Get-ChildItem -Path cert:\localMachine\WebHosting | 
where {($_.NotAfter -gt (GET-DATE))} | 
foreach {
	$pfxpath="Q:\CHANGEME\$($_.Thumbprint).pfx";
	echo "Exporting '$($_.Subject)' to '$pfxpath'";
	Export-PfxCertificate -cert $_ -Force -FilePath $pfxpath -Password $mypwd;
	Import-PfxCertificate -CertStoreLocation cert:\localMachine\My -FilePath $pfxpath -Password $mypwd;
}
Be sure to change the password and temporary export path.

Permissions might still be a problem, but I'm sure that can be resolved automatically, too.
Thanks Shawn, Yes, Every 2 months, that's kind of....well...ok, considering 6 times per year :lol:

Btw, the original post owner said you can use certifytheweb.com to automatically export the cert to Personal Store, but how to set the Permission (IME_SYSTEM) I am not sure about if it's capable of doing it.

ShawnKHall
Posts: 113
Joined: Wed Apr 06, 2005 12:03 am
Location: California, USA
Contact:

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by ShawnKHall » Tue Aug 24, 2021 5:12 pm

Permissions should be able to be handled by something like this.
https://stackoverflow.com/questions/40046916/
-Shawn

Matth
Posts: 123
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by Matth » Thu Sep 02, 2021 4:17 am

I am struggling with this as well. I do have WIN-ACME getting the certs just perfectly fine, renewing them, deleting the old ones, but every time Mailenable stops working and I first have to manually stop the services, unselect the cert, start, stop, select the new one (which was already selected in the first place) and restart the services.

This can't really be a solution, no? Is there no way that Mailenable can't provide a solution to automatically renew the certs, or integrate with a working solution? I'm quite puzzled that this should be so difficult.

poweredge
Posts: 125
Joined: Sat May 29, 2021 11:16 am

Re: Autogenerated SSL using LetsEncrypt and Mailenable Issue

Post by poweredge » Mon Sep 06, 2021 3:11 pm

Hi Ian, any tips or improvement could be added? Thanks

Post Reply