Using Custom SSL Certificates with Courier POP3 SSL
EHCP Force Edition can configure Courier to use a custom SSL certificate for POP3 and IMAP over SSL. A Let's Encrypt certificate is recommended. To configure Courier to use a custom SSL certificate, log in to the panel as admin. Click on "Options" under "System Operations". Now click on "Advanced Settings". To the left of "POP3-SSL And IMAP-SSL Certificate Path", enter the path to your custom .pem certificate. Click on "Submit Query". If the certificate file exists, is valid, and has a .pem extension, Courier will now use it for POP3 and IMAP SSL connections.
Let's Encrypt Courier Integration
To use a Let's Encrypt certificate, first set up your main domain in the panel and configure the domain to use a Let's Encrypt certificate. Once the domain is using a Let's Encrypt certificate, Courier can re-use it. However, you will need to combine the Let's Encrypt privkey.pem and fullchain.pem files into a new file called courier.pem, since Courier expects the private key and the certificate chain together in a single file.
For example, if your main domain test.com is using a Let's Encrypt certificate, you can generate the combined file and restart the Courier services with the following command:
cat /etc/letsencrypt/live/test.com/privkey.pem /etc/letsencrypt/live/test.com/fullchain.pem > /etc/letsencrypt/live/test.com/courier.pem && /usr/sbin/service courier-pop-ssl restart && /usr/sbin/service courier-imap-ssl restart
Now you can set the "POP3-SSL and IMAP-SSL Certificate Path" advanced option in EHCP to:
/etc/letsencrypt/live/test.com/courier.pem
Because Let's Encrypt certificates are renewed periodically and the files change when that happens, you will want to create a cron job that updates the certificate used by Courier and restarts the Courier services. Open root's crontab by running the command below.
sudo crontab -e
Below this line:
45 4 * * * /var/www/new/ehcp/scripts/certbot_renew_certs.sh
Add this line:
15 5 * * * cat /etc/letsencrypt/live/test.com/privkey.pem /etc/letsencrypt/live/test.com/fullchain.pem > /etc/letsencrypt/live/test.com/courier.pem && /usr/sbin/service courier-pop-ssl restart && /usr/sbin/service courier-imap-ssl restart
Save and exit.
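The cron line above rewrites courier.pem and restarts both services every day, whether or not the certificate changed. As an added example (not part of EHCP), the script below checks that the key matches the certificate, writes courier.pem with mode 600 through a temporary file, and restarts Courier only when the contents changed. It assumes openssl is installed and that cron calls the script, saved under a name of your choosing, with the live directory as its only argument.

```shell
#!/bin/bash
# Added example, not part of EHCP. Assumption: $1 is the Let's Encrypt live
# directory for the domain, e.g. /etc/letsencrypt/live/test.com

# Succeeds only if privkey.pem belongs to the leaf certificate in fullchain.pem.
key_matches_cert() {
    k=$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Write $1/courier.pem (key first, then chain, as in the page's cat command).
# Returns 0 if the file was written, 1 if it was already current, 2 on error.
build_courier_pem() {
    dir=$1; out="$dir/courier.pem"
    [ -s "$dir/privkey.pem" ] && [ -s "$dir/fullchain.pem" ] || return 2
    # The file contains the private key: mktemp creates it with mode 600.
    tmp=$(mktemp "$dir/.courier.pem.XXXXXX") || return 2
    if ! cat "$dir/privkey.pem" "$dir/fullchain.pem" > "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        chmod 600 "$out"      # tighten a file left behind by a plain "cat >"
        return 1
    fi
    chmod 600 "$tmp"
    # Rename within the same directory so a partial file is never in place.
    mv -f "$tmp" "$out" || return 2
}

# Rebuild the file and restart Courier only when the certificate changed.
refresh_courier_cert() {
    key_matches_cert "$1" || { echo "key/certificate mismatch in $1" >&2; return 2; }
    rc=0; build_courier_pem "$1" || rc=$?
    case $rc in
        0) /usr/sbin/service courier-pop-ssl restart &&
           /usr/sbin/service courier-imap-ssl restart ;;
        1) return 0 ;;        # unchanged: leave running sessions alone
        *) echo "could not build $1/courier.pem" >&2; return 2 ;;
    esac
}

if [ "$#" -eq 1 ]; then refresh_courier_cert "$1"; fi
```

Because cron mails any output, the script stays silent on success and prints only when the key and certificate do not match or the file cannot be written.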
Configuring Gmail to Download Emails from an EHCP-Configured Email Address
In your Gmail inbox, click on the gear icon. A dropdown opens. Click on "Settings". Click on the "Accounts and Import" tab. Next to "Check mail from other accounts:", click on the "Add a mail account" link. Insert your email address. Click on "Next". The next screen will ask for your username, password, and POP3 settings. The username is the full email address, including the "@" sign. Enter your password. For "POP Server", enter the main domain name that you configured Courier to use for its Let's Encrypt certificate. In our example, it was test.com. Use 995 for "Port". Check the box next to "Always use a secure connection (SSL) when retrieving mail.". Finish the wizard. Gmail should successfully connect and download emails using POP3 SSL.
Here's a screenshot showing you the proper setup: