If your SSL certificate has expired and you have chosen to go with PositiveSSL(Comodo), this post may help you out.
1. Generate your Certificate Signing Request (CSR)
openssl req -new -nodes -newkey rsa:2048 -keyout servername.com.key -out servername.com.csr
2. Get your Certificate by signing the CSR file to Comodo and you will receive the Certificate by email.
3. Copy the certificate text in the email and create a new file on the server and append your certificate key generated in step 1. THe resulting file should look like this. Save it as servername.com.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Make sure there is a blank line at the end of your PEM file.
4. Create your bundle file using the following commands
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.crt
5. On Ubuntu machines, open /etc/courier/imapd-ssl and change the following configurations
TLS_CERTFILE=/path/to/your/servername.com.pem
TLS_TRUSTCERTS=/path/to/your/bundle.crt
If your customers do not use Microsoft Office 2007 and earlier, add the following line
TLS_PROTOCOL=SSL3
6. Restart Courier IMAP
service courier-imap restart service courier-imap-ssl restart
7. For Postfix, copy the certificate received in the Comodo email and save it as servername.com.crt file
8. Edit /etc/postfix/main.cf and change the following
smtpd_tls_cert_file = /path/to/your/servername.com.crt smtpd_tls_key_file = /path/to/your/servername.com.key smtp_tls_CAfile = /path/to/your/bundle.crt
9. Restart Postfix
service postfix restart
10. For Pop3d, edit the file /etc/courier/pop3d-ssl and change the following
TLS_CERTFILE=/path/to/your/servername.com.pem
TLS_TRUSTCERTS=/path/to/your/bundle.crt
11. Restart Pop3d services
service courier-pop restart service courier-pop-ssl restart
12.Testing IMAP SSL and POP3 SSL
openssl s_client -connect servername.com:993
openssl s_client -connect servername.com:995
Both should successfully complete the SSL handshake if everything works.
This will allow you to create a new certificate for your ISPConfig 3 web interface by answering the following question with