I’m trying to create a mail server, but I’m not able to connect to my DO droplet’s domain, which I need to do to get a Let’s Encrypt SSL certificate. It refuses connection. letsdebug.net says:
[My domain name] has an A (IPv4) record ([my droplet’s IP address]) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
71ms: Experienced error: dial tcp [my droplet’s IP]:80: connect: connection refused
So, I decided to try running sudo netstat -nlp which outputted the following:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      2882/mysqld
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2882/mysqld
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      493/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      768/sshd: /usr/sbin
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      146987/master
tcp6       0      0 :::22                   :::*                    LISTEN      768/sshd: /usr/sbin
tcp6       0      0 :::25                   :::*                    LISTEN      146987/master
udp        0      0 127.0.0.53:53           0.0.0.0:*                           493/systemd-resolve
raw6       0      0 :::58                   :::*                    7           490/systemd-network
raw6       0      0 :::58                   :::*                    7           490/systemd-network
And there is clearly nothing listening on port 80. How do I get something to listen to it? Do I need to install Nginx or something – namely set up a webserver? Why would I need to do that? Does this mean I need a web server built to install a mail server? I’m a complete novice when it comes to this stuff.
I am being told that it is only required for a Let’s Encrypt certificate. In this tutorial, dovecot.pem is used for both the cert and key file. Will this suffice instead if I’m using Dovecot?
Update: no IP address found for my subdomain
On Michael Hampton’s advice, I tried sudo certbot certonly --standalone -d mail.example.com, putting in my own mail subdomain, and seem to have opened another can of worms:
Detail: No valid IP addresses found for [my mail subdomain]
This is a bit confusing. Perhaps I have set my MX record wrong? I will list out my DNS records (I’ve blacked out my droplet’s IP address and domain name as I have no clue if it is safe or not to share these things over the internet. If they are necessary to include and it’s safe I have no problem unredacting this):
Here, the redacted bits in the ‘Value’ column all hide my droplet’s IP address and the redacted bits in the hostname column hide my domain URL.
You can use certbot in standalone mode to obtain certificates for services other than a web site. For example:
sudo certbot certonly --standalone -d mail.example.com
In this mode, certbot starts its own internal web server so that the HTTP challenge can be completed, and then stops it at the end.
Your private keys and certificates, or rather links to them which will remain the same even when the certificates are renewed later, will be in the /etc/letsencrypt/live directory. You can then configure Postfix, Dovecot, or whatever you happen to be using, to find them there. For example, your certificate chain will be /etc/letsencrypt/live/mail.example.com/fullchain.pem and the private key will be
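A pre-flight check for the two failures in this thread (no address record for the mail subdomain, and not knowing what holds port 80), as an added example that is not part of the original question or answer. The function names and the script name preflight.sh are hypothetical, and it assumes getent and netstat are installed.

```shell
#!/bin/sh
# Added example (not from the original answer): checks to run before
# `certbot certonly --standalone`. Helper names are hypothetical.

# Sample lines copied from the netstat output in the question.
SAMPLE_NETSTAT='tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN 2882/mysqld
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2882/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 768/sshd: /usr/sbin
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 146987/master
tcp6 0 0 :::25 :::* LISTEN 146987/master'

# Read `netstat -nlp` text on stdin; print "address program" for each TCP
# listener on port $1. The port is the last ':'-separated piece, so
# ":::25" (IPv6) works and 33060 is not mistaken for 3306.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) print $4, $7
        }'
}

# Addresses the local resolver returns for host $1, one per line.
# This is this machine's view; the CA queries public DNS.
addresses_of() {
    getent ahosts "$1" 2>/dev/null | awk '{ print $1 }' | sort -u
}

# preflight HOST EXPECTED_IP: returns 0 when standalone mode can work.
preflight() {
    addrs=$(addresses_of "$1")
    if [ -z "$addrs" ]; then
        echo "FAIL: $1 has no A/AAAA record; add one for this exact name"
        return 1
    fi
    if ! printf '%s\n' "$addrs" | grep -qxF "$2"; then
        echo "FAIL: $1 resolves to $addrs, not $2"
        return 1
    fi
    busy=$(netstat -nlp 2>/dev/null | listeners_on_port 80)
    if [ -n "$busy" ]; then
        echo "FAIL: port 80 already bound by: $busy"
        return 1
    fi
    echo "OK: $1 resolves to $2 and port 80 is free for certbot"
}

# Usage (as root): sh preflight.sh mail.example.com <droplet-ip>
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

A passing result only covers DNS and the local socket table; any firewall between the internet and port 80 still has to allow the inbound connection.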