ECM3 email, web, ftp and dns server installation on macOS Catalina

Let's Encrypt SSL (certbot)

Install with brew:

brew install letsencrypt

To request a certificate, make sure that Apache is running and that your virtual host (qualified domain) is accessible and fully functional. Once that is the case, start the process as root in Terminal.

sudo -s
certbot --apache

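You can fix permissions on the certificate folders and the log folder to be able to see them both. Fix permissions on the /etc/letsencrypt folder immediately after each renewal. Note that mode 644 on every file also makes the private keys (privkey*.pem) readable by every local user.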

sudo -s
find /etc/letsencrypt/ -type d -exec chmod 755 {} \; 
find /etc/letsencrypt/ -type f -exec chmod 644 {} \;
find /private/var/log/letsencrypt/ -type d -exec chmod 755 {} \; 
find /private/var/log/letsencrypt/ -type f -exec chmod 644 {} \;

Exim and Dovecot require the certificates to be in /private/etc/certificates, so a symlink is the easiest way to let them know where they are:

sudo -s
ln -s /etc/letsencrypt/live/example.com/fullchain.pem /private/etc/certificates/example.com.crt 
ln -s /etc/letsencrypt/live/example.com/privkey.pem /private/etc/certificates/example.com.key
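
A post-renewal check for the permission and symlink steps above, as an added example that is not part of the original guide. The function names and the 640 key mode are assumptions; 640 only works if the services reading the key run as root or belong to the file's group.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# Run find(1) over private-key files: certificate keys and ACME account keys.
find_keys() {
    dir=$1; shift
    find "$dir" -type f \( -name 'privkey*.pem' -o -name 'private_key.json' \) "$@"
}

# The guide's pass (dirs 755, files 644), except that key files get mode $2
# (default 640, an assumption) and never pass through 644.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f ! -name 'privkey*.pem' ! -name 'private_key.json' -exec chmod 644 {} \;
    find_keys "$1" -exec chmod "${2:-640}" {} \;
}

# Key files that users outside the owner and group can read.
exposed_keys() { find_keys "$1" -perm -004 -print; }

# Symlinks under $1 (e.g. /private/etc/certificates) whose target is missing.
broken_links() { find "$1" -type l ! -exec test -e {} \; -print; }

# Constructed sample tree mimicking certbot's live/ -> archive/ layout.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/le/archive/example.com" "$t/le/live/example.com" "$t/certs"
    : > "$t/le/archive/example.com/privkey1.pem"
    : > "$t/le/archive/example.com/fullchain1.pem"
    ln -s ../../archive/example.com/privkey1.pem "$t/le/live/example.com/privkey.pem"
    ln -s "$t/le/live/example.com/privkey.pem" "$t/certs/example.com.key"
    ln -s "$t/le/live/example.com/fullchain.pem" "$t/certs/example.com.crt"  # dangling on purpose
    echo "$t"
}

# Usage (as root): sh le-perms.sh --apply /etc/letsencrypt /private/etc/certificates
if [ "${1:-}" = "--apply" ]; then
    fix_perms "${2:-/etc/letsencrypt}"
    exposed_keys "${2:-/etc/letsencrypt}"
    broken_links "${3:-/private/etc/certificates}"
fi
```

Any path printed by the `--apply` run is either a key that is still world-readable or a symlink that Exim and Dovecot can no longer follow.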

Crontab on OS X

Let’s set certbot to run every night at 2:47 AM and renew the certificate automatically.

sudo -s
crontab -e

You will need to press i to edit the page, then paste in this line:

47 2 * * * /usr/local/bin/certbot renew --quiet

Then press Esc, then type:

:wq   

And hit enter to save.