author: Luke Smith <luke@lukesmith.xyz> 2025-04-16 07:08:08 +0000
committer: GitHub <noreply@github.com> 2025-04-16 07:08:08 +0000
commit: c0f20647d57482536e34ef266ebd23dde86411f0
tree: 69e03311fa1597237c1ed450429ba6195c673aa8
parent: 3998323db0b52e4cfe4f7ab5dde527ae8e753310
parent: d483bd46a11b556db06145289341c583a38d9e0c
Merge pull request #327 from bobafetthotmail/patch-2 (refs: HEAD, master)
Add instructions for self-signed certs
-rw-r--r-- README.md 31
1 files changed, 31 insertions, 0 deletions
diff --git a/README.md b/README.md
index 2a57b12..295666f 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ sizeable network of people with email servers thanks to this script.
- **Certbot** SSL certificates, if not already present.
- **fail2ban** to increase server security, with enabled modules for the above
programs.
+- (optionally) **a self-signed certificate** instead of OpenDKIM and Certbot. This allows to quickly set up an isolated mail server that collects email notifications from devices in the same local network(s) or serves as secure/private messaging system over VPN.
## This script does _not_...
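Review bot: The added bullet sits in the list of components the script installs, yet it describes a mode that replaces two of them ("instead of OpenDKIM and Certbot"), so a reader skimming the list cannot tell that the Certbot item above it becomes conditional. Suggest wording it as an alternative mode, pointing at the new "Installing with self-signed certificate" section, and repeating here that this mode cannot send directly to public mail servers. "This allows to quickly set up" needs an object ("This allows you to quickly set up"), and the line should be wrapped like the fail2ban item above it.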
@@ -107,6 +108,36 @@ in the server, you could just install mutt, add `set spoolfile="+Inbox"` to
your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
to log in remotely though:
+## Installing with self-signed certificate, in "isolated" mode
+
+This mode skips the setup of OpenDKIM and Certbot, and will instead create a self-signed cert that lasts 100 years. It also allows to customize the logic country name, state/province name and organization name to generate the certificate automatically. An example usecase is for an isolated server that collects notifications from devices in the same local network(s) or serves as secure/private messaging system over VPN (wireguard or whatever).
+This server with self-signed certificate as configured will NOT be able to send anything to public mail servers (Gmail, Outlook and so on), at least not directly.
+
+open the script and change the following line
+```
+selfsigned="no" # yes no
+```
+to become
+```
+selfsigned="yes" # yes no
+```
+it's also possible to customize and automate the self-signed certificate creation
+by changing the following lines in the script
+```
+use_cert_config="no"
+```
+to
+```
+use_cert_config="yes"
+```
+
+and then write country name, state/province name and organization name in the following lines
+```
+country_name="" # IT US UK IN etc etc
+state_or_province_name=""
+organization_name=""
+```
+
## Logging in from email clients (Thunderbird/mutt/etc)
Let's say you want to access your mail with Thunderbird or mutt or another
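Review bot: The new section is inserted directly after the context sentence ending "You'll probably want to log in remotely though:", which was the lead-in to "## Logging in from email clients"; the colon now introduces the self-signed section instead. Move the section above that paragraph or below the login section. In the body, the 100-year lifetime deserves a sentence telling readers that every client has to be made to trust this certificate explicitly and that replacing it means regenerating and redistributing it, since the text says nothing about renewal. The hint `# IT US UK IN etc etc` lists UK, but the X.509 country field takes the ISO 3166-1 alpha-2 code, which for the United Kingdom is GB. "the logic country name" looks like a typo, the sentences "open the script" and "it's also possible" should start with a capital, and the text should say what happens when `use_cert_config="yes"` is set with the three values left empty.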