> the mailserver I use does not support ACME setup. I can only do old
> style SSL certificate requests.
> for the webserver it's not an issue though.

Why does the mail server need to support ACME? Simply do periodic DNS verification and trigger a restart/reload of the internet-facing mail server components when the certificate was renewed.

And if replacing the cert in your mail service requires manual action, you could disable SSL and put a TCP load balancer that does SSL offloading in front of it.

With the maximum validity period of certificates supported by browsers getting shorter and shorter, you'll eventually have to deal with fully automated certificate renewal anyway. Even some "traditional" cert providers have understood this and provide ACME or ACME-like renewal functionality:

https://docs.digicert.com/certificate-tools/Certificate-lifecycle-automation-index/acme-user-guide/

_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
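
The "reload when the certificate was renewed" step from the reply above, as an added example that is not part of the original thread: a deploy hook run after an external ACME client has renewed the certificate. The function name, the file names `fullchain.pem` and `privkey.pem`, the directory layout and the reload command passed in by the caller are all assumptions.

```shell
#!/bin/sh
# Hypothetical deploy hook, called after the ACME client has run
# (from its post-renewal hook or from cron).
# Usage: deploy_cert NEW_DIR LIVE_DIR RELOAD_COMMAND
#   NEW_DIR  where the ACME client writes fullchain.pem and privkey.pem
#   LIVE_DIR where the mail server reads them (file names are assumed)
# Returns 0 = installed and reloaded, 2 = unchanged, 1 = error.
deploy_cert() {
    new=$1 live=$2 reload=$3

    # Refuse to deploy a missing or empty renewal result.
    [ -s "$new/fullchain.pem" ] && [ -s "$new/privkey.pem" ] || return 1

    # Nothing to do (and no reload) when the live cert is already current.
    if cmp -s "$new/fullchain.pem" "$live/fullchain.pem" 2>/dev/null; then
        return 2
    fi

    # Keep the previous pair, stage the new files with owner-only
    # permissions, then rename them into place so the mail server never
    # reads a partially written file.
    (
        umask 077
        for f in fullchain.pem privkey.pem; do
            if [ -f "$live/$f" ]; then
                cp -p "$live/$f" "$live/$f.prev" || exit 1
            fi
            cp "$new/$f" "$live/$f.tmp" || exit 1
            mv "$live/$f.tmp" "$live/$f" || exit 1
        done
    ) || return 1

    # Reload the mail server; if that fails, restore the previous pair
    # (when there is one) so the next restart still finds a known-good cert.
    if ! sh -c "$reload"; then
        for f in fullchain.pem privkey.pem; do
            if [ -f "$live/$f.prev" ]; then
                mv "$live/$f.prev" "$live/$f"
            fi
        done
        return 1
    fi
    return 0
}
```

Exit status 2 lets a cron wrapper tell "nothing renewed" apart from a failed deployment, which is the case worth alerting on.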