Manually copy Let’s Encrypt Certificates to Dovecot and Postfix

To manually copy your certificates to dovecot and postfix so that your mail clients do not display a warning about bad certificates follow these steps.

You will want to copy the latest certificate which will be located in the folder name starting with your primary domain followed by largest the iteration number.

 

Copy your private keys

cp /etc/letsencrypt/archive/server1.domain.ca-0005/privkey1.pem /etc/dovecot/private/dovecot.pem
cp /etc/letsencrypt/archive/server1.domain.ca-0005/privkey1.pem /etc/postfix/postfix.key.pem

Copy your certificates

cp /etc/letsencrypt/archive/server1.domain.ca-0005/cert1.pem /etc/dovecot/dovecot.pem
cp /etc/letsencrypt/archive/server1.domain.ca-0005/cert1.pem /etc/postfix/postfix.cert.pem

Copy your fullchain

cp /etc/letsencrypt/archive/server1.domain.ca-0005/fullchain1.pem /etc/dovecot/dovecot.ca.pem
cp /etc/letsencrypt/archive/server1.domain.ca-0005/fullchain1.pem /etc/postfix/postfix.ca.pem

 

Restart the Services

service dovecot restart

service postfix restart

 

VirtualMin SSL v3 Poodle Fix VirtualMin SSL v3 Poodle Fix

 

Apache

In RHEL/CentOS, edit /etc/httpd/conf.d/ssl.conf.

In Ubuntu/Debian, edit /etc/apache2/mods-enabled/ssl.conf.

Look for a line beginning with SSLProtocol, it should look something like this:

SSLProtocol all -SSLv2

You need to modify it to look like this:

SSLProtocol all -SSLv2 -SSLv3

And then restart Apache:

RHEL/CentOS: /etc/init.d/httpd restart

Ubuntu/Debian: /etc/init.d/apache2 restart

Webmin/Virtualmin

Webmin will correct this issue automatically in the future. In the meantime, to disable SSLv3, edit this file:

/etc/webmin/miniserv.conf

And add the following line to the end:

ssl_version=10

Then restart Webmin:

/etc/init.d/webmin restart

Usermin

Edit this file:

/etc/usermin/miniserv.conf

And add the following line to the end:

ssl_version=10
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list=ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+SSLv3:!SSLv2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM

Then restart Usermin:

/etc/init.d/usermin restart

 

Webmin

Edit this file:

/etc/webmin/miniserv.conf

And add the following line to the end:

ssl_version=10
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list=ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+SSLv3:!SSLv2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM

Then restart Usermin:

/etc/init.d/webmin restart

 

Creds: https://www.virtualmin.com/node/34811