After a fresh Carbonio installation, I managed to generate the Let's Encrypt certificates for the domain, and I can access it using removed link .
The problem I'm having now is that when I try to use Thunderbird to access it via IMAPS or POPS, I receive the self-signed certificate generated during the Carbonio installation, and not the Let's Encrypt one.
Can the same certificate be used for all services? (https://, imaps, and pop3s).
What configuration am I missing?
I was able to solve my problem with <a href=" removed link " target="_blank" rel="noopener">this excellent tutorial from Anahuac (Thanks, Anahuac!)
In my case, it took me a while to understand that the certificates obtained with the Carbonio administration interface are exclusively for HTTPS access (webmail) and not for the protocols (IMAPS and POP3S) and HTTPS too.
Perhaps a clarification in the official documentation about this differentiation, and also the inclusion of the method used by Anahuac, would be helpful. (I don't know if that information isn't in the documentation or if I just couldn't find it).
I solved that by symlinking:
/opt/zextras/conf/nginx.crt -> /opt/zextras/conf/domaincerts/mydomain.tld.crt /opt/zextras/conf/nginx.key -> /opt/zextras/conf/domaincerts/mydomain.tld.key /opt/zextras/conf/smtpd.crt -> /opt/zextras/conf/domaincerts/mydomain.tld.crt /opt/zextras/conf/smtpd.key -> /opt/zextras/conf/domaincerts/mydomain.tld.key
And restarting all services after that