Hi Xeams Support,

how are you?

I finally managed to request a Let's Encrypt SSL certificate on XEAMS which I am running as a QNAP package on my QNAP TS-251D with 16GB of ram.

Under manage certificate I get:

Let's Encrypt certificate has been configured and you should be able to access the web interface using https...mail.domain.com. Your current certificate is valid until Apr 24, 2023

Test Certificate: No - It's for production use
Challenge Type: xeams
Renewal
Certificates signed by Let's Encrypt must be renewed every 90 days. Xeams will automatically renew the certificate around Apr 14, 2023. Ensure port inbound TCP/IP port 80 stays available for Let's Encrypt to confirm the challenge.

But when I access my web interface using https...mail.domain.com it says that the site is insecure because it is testing the QNAP certificate which is normally self signed and not testing the Xeams Let's Encrypt certificate.

I used this site to check the validity of the Xeams Let's Encrypt SSL certificate on the Xeams server:

https...www.checktls.com

Output:

How can I use the same certificate from Let' Encrypt from my mail server to my QNAP device?

If I try to do it from my qnap device under security, replace with let's encrypt, it gives me an ACMA error for port 80 and 443. These ports are open but are being used by Xeams  

Thank you.

Best regards

ab6540183

There are two formats of an SSL certificate:

• PKCS12 - this is used by Xeams
• PEM - Used by Apache HTTPD and most likely by QNAP as well.

When a certificate file is created, files for both formats are saved on the disk. The PKCS12 format is saved in $INSTALL_DIR/config/letenc.pfx and the PEM is saved in $INSTAL_DIR/letsEncrypt/*.*

Assuming QNAP expects the PEM format, you will have to use that file and not *.pfx in QNAP. Moreover, everything is stored in a single file in case of PKCS12. However, PEM format uses multiple files to store private key and certs.

Hi Synametrics Support,

Thank you for your reply.

I checked for PEM under $INSTAL_DIR/letsEncrypt/*.*, but I don't know how I can use these files under the QNAP Security/SSL certificate and private key.

I think that I am going to find it difficult to install a Let's Encrypt Certificate automatically for the QNAP and Xeams concurrently.

The problem is this in my opinion:

I have to enable web server on QNAP (so that QNAP does not seize port 80) and change the default port 80 on the QNAP web server to some other port number in order for Xeams to use the http challenge to get a new certificate every 90 days. But this stops the Qnap from getting a Let's Encrypt certificate because now it is not listening to port 80 anymore because I made it available to Xeams.  

Perhaps it would be easier to buy a cheap 12 month device SSL certificate that I can use for Xeams and the Qnap. Obviosuly I would have to have both certificate's formats such as PKS and PEM in order to suit both situations.

I was trying to run my own mail server at home, but it is becoming a real challenge now.

Thank you.

Best regards

ab6540183