Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
internet:mail:mailcleaner_ssl [2021/06/17 15:04] gcooper |
internet:mail:mailcleaner_ssl [2022/10/03 10:54] (current) gcooper |
===== Single Server ===== | ===== Single Server ===== |
| |
Follow this howto: | **Follow this howto**: https://opensource.com/article/20/6/secure-open-source-antispam |
| |
https://opensource.com/article/20/6/secure-open-source-antispam | |
| |
===== MailCleaner Cluster ===== | ===== MailCleaner Cluster ===== |
<note warning>Use **exactly the same domain names** as when the original cert was created or another cert will be created instead of renewing the existing one.</note> | <note warning>Use **exactly the same domain names** as when the original cert was created or another cert will be created instead of renewing the existing one.</note> |
| |
<note important>You will have to **add** (not replace) a DNS TXT record for each domain specified, two in this case. Wait for enough time for your DNS TXT records to propagate to all your DNS servers. I'd wait a full minute or more before continuing.</note> | <note important>You will have to **add** (not replace) a DNS TXT record for each domain and SAN specified, two in this case. Wait for enough time for your DNS TXT records to propagate to all your DNS servers. I'd wait a full minute or more before continuing.</note> |
| |
^ --keep |will not renew the cert until it has 30 days or less to expire (i.e. after 60 days) | | ^ --keep |will not renew the cert until it has 30 days or less to expire (i.e. after 60 days) | |
===== Sync SSL Cert to MailCleaner Slaves ===== | ===== Sync SSL Cert to MailCleaner Slaves ===== |
| |
Once the cert is installed and tested on the master MailCleaner server, sync the SSL cert to the MailCleaner slaves. Do this at the slave. This command runs nightly anyway, so if your current cert has not expired, you can omit this step for now. | Once the cert is installed and tested on the master MailCleaner server, sync the SSL cert to the MailCleaner slaves. **Do this at the slave**. This command runs nightly anyway, so if your current cert has not expired, you can omit this step for now. |
| |
<file> | <file> |