The following documentation page describes enabling SSL for webserver Nginx and mailserver software Exim and Dovecot. This software combination is used by MailSuite Pro.
If you need to configure the product installation to ensure secure access to web interface, you'll need to reconfigure Nginx for that.
This article also covers configuring SSL on mail server level, Exim and Dovecot need to be setup to use SSL.
We use EFF's Certbot to deploy Let's Encrypt certificates:
sudo apt install certbot -y
Requesting the certificate:
sudo certbot certonly --webroot-path=/opt/afterlogic/html/ -d YOUR_DOMAINNAME_HERE
From here on, you need to replace YOUR_DOMAINNAME_HERE with the domain name you use.
Configuring Nginx
Create /etc/nginx/sites-available/afterlogic-webmail-ssl file with the following content:
server {
listen 80;
server_name YOUR_DOMAINNAME_HERE;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name YOUR_DOMAINNAME_HERE;
root /opt/afterlogic/html;
index index.php index.html index.htm;
location ~ \.(php|phar)(/.*)?$ {
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-fpm;
}
location ^~ /data/ { deny all; }
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/fullchain.pem;
}
Run the following commands to apply changes:
sudo ln -s /etc/nginx/sites-available/afterlogic-webmail-ssl /etc/nginx/sites-enabled/
sudo service nginx restart
Configuring Exim
In /etc/exim4/exim4.conf file, uncomment the following lines:
tls_advertise_hosts = *
tls_on_connect_ports = 465
Uncomment the following lines and supply your domain name there:
tls_certificate=/etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/fullchain.pem
tls_verify_certificates=/etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/fullchain.pem
tls_privatekey=/etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/privkey.pem
Run the following command to apply changes:
sudo service exim4 restart
NB: Currently, there's a known issue with Exim accessing certificate files over symlinks. To work around that, try pointing Exim to files in archive/ directory rather than live/, for example:
tls_certificate=/etc/letsencrypt/archive/YOUR_DOMAINNAME_HERE/fullchain1.pem
tls_verify_certificates=/etc/letsencrypt/archive/YOUR_DOMAINNAME_HERE/fullchain1.pem
tls_privatekey=/etc/letsencrypt/archive/YOUR_DOMAINNAME_HERE/privkey1.pem
and change permissions as follows:
chown afterlogic:afterlogic -R /etc/letsencrypt/archive/
Configuring Dovecot
Modify /etc/dovecot/conf.d/10-ssl.conf file as follows:
ssl = yes
ssl_cert = </etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/fullchain.pem
ssl_key = </etc/letsencrypt/live/YOUR_DOMAINNAME_HERE/privkey.pem
Apply changes:
sudo service dovecot restart
MailBee.NET Objects .NET email components: SMTP, POP3, IMAP, EWS, Security, AntiSpam, Outlook, Address Validator, PDF 
MailBee.NET Queue Easy-to-use .NET service to deliver e-mails in the background 
MailBee Objects ActiveX email components: SMTP, POP3, IMAP, S/MIME 
WebMail Pro PHP Webmail front-end for your existing mail server, with personal calendar, contacts, and mobile sync 
ActiveServer Premium addon which brings ActiveSync support to WebMail Pro and Aurora 
Aurora Corporate Groupware system for businesses and providers 
Triton Transactional and newsletter emails sending solution 
MailSuite Pro for Linux Mail server (MTA) bundled with WebMail Pro for a complete solution 
Unified Messaging Solution Technology platform which provides telecom users with a feature-rich messaging portal 
