Archive for March, 2016

Notes: Mail Server Madness

Sunday, March 20th, 2016

To avoid being flagged as a spammer, your DNS server (and SMTP server) need to be configured for:

  • PTR Records (Host)
  • SPF Records (DNS)
  • DKIM Records (DNS + SMTP)
  • DMARC Records (DNS + an email address)
  • TLS Certificate (an SSL Certificate for your mail domain)

The last one is required to send encrypted mail.


Using LetsEncrypt with OpenLiteSpeed on Ubuntu

Wednesday, March 9th, 2016

These notes are based on this.

Install git and bc.

Get the latest version of LetsEncrypt using Git, placing it in /opt/.

For the next step, we’re going to need access to Port 80, so temporarily shut down your webserver.

Run LetsEncrypt.

The first time this runs, it’s going to ask for an e-mail address.

If everything worked correctly, you’ll find your certificate files in /etc/letsencrypt/live/example.com/, where example.com is your domain name.

Next, inside your OpenLiteSpeed configuration, go into your Listener->SSL settings. Add or modify them as follows:

Private Key: /etc/letsencrypt/live/example.com/privkey.pem
Certificate File: /etc/letsencrypt/live/example.com/fullchain.pem
Chained Certificate: Yes

The rest of the fields should be blank.

That’s it. Start the server.

Updating your certificates

Your certificate is good for 90 days, but it’s recommended you update it every 60.

Updating is exactly the same as requesting, and requires you free up Port 80!

That will overwrite the certificate. The new certificate will be good for another 90 days.

I haven’t automated this myself yet, but there are suggestions how to do this in the article linked at the top.
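As a starting point for the 60-day renewal schedule described above, this added example (not code from the original post or from the LetsEncrypt project) reports whether a certificate is inside the renewal window. The 30-days-remaining threshold and the function names are assumptions; the path is the one used in the Listener settings above.

```shell
#!/bin/sh
# Added example: decide whether a certificate is due for renewal,
# using only `openssl x509`. Nothing here requests or replaces a cert.

# Assumption: renew once 30 days or fewer remain, i.e. around day 60
# of the 90-day lifetime mentioned in the post.
RENEW_WHEN_DAYS_LEFT=30

# cert_not_after FILE -> prints the expiry date of the first cert in FILE
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# cert_needs_renewal FILE [DAYS]
# Returns 0 (renew) if the certificate expires within DAYS days, or if the
# file is missing, unreadable or unparseable. Returns 1 otherwise.
cert_needs_renewal() {
    cert=$1
    days=${2:-$RENEW_WHEN_DAYS_LEFT}
    [ -r "$cert" ] || return 0
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" \
        >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renewal_status FILE -> prints one line suitable for cron mail or a log
renewal_status() {
    if cert_needs_renewal "$1"; then
        echo "RENEW $1 (expires: $(cert_not_after "$1"))"
    else
        echo "OK $1 (expires: $(cert_not_after "$1"))"
    fi
}

# fullchain.pem starts with the leaf certificate, which is the one checked.
# example.com stands in for your domain, as in the post.
renewal_status "${1:-/etc/letsencrypt/live/example.com/fullchain.pem}"
```

A missing or unreadable file is reported as RENEW on purpose, so a broken path shows up in the output instead of passing silently.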