{"id":617,"date":"2019-10-22T12:59:32","date_gmt":"2019-10-22T10:59:32","guid":{"rendered":"https:\/\/www.tiraquelibras.com\/blog\/?p=617"},"modified":"2021-02-02T11:10:28","modified_gmt":"2021-02-02T10:10:28","slug":"servidor-de-correo-apache2-y-certificado-ssl-lets-encrypt-para-correo-electronico-parte-3-15","status":"publish","type":"post","link":"https:\/\/blog.tiraquelibras.com\/?p=617","title":{"rendered":"Servidor de correo &#8211; Apache2 y certificado SSL Let&#8217;s Encrypt para correo electr\u00f3nico (parte 3)"},"content":{"rendered":"<p>Esta es una entrada dentro de la serie para la instalaci\u00f3n de un servidor de correo completo. \u00cdndice completo de contenidos pincha <a href=\"https:\/\/blog.tiraquelibras.com\/?p=601\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/p>\n<hr \/>\n<p>Para poder hacer uso de un certificado SSL gratuitos con <a href=\"https:\/\/letsencrypt.org\/es\/\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">Let&#8217;s Encrypt<\/a> debemos de instalar un servidor web, crear un <strong>VirtualHost<\/strong> para poder generar un certificado SSL que usaremos en el servicio de correo electr\u00f3nico, sin coste alguno.<\/p>\n<p>Primero instala en el servidor el paquete necesario para gestionar certificados de Let&#8217;s Encrypt siguiendo los pasos que publiqu\u00e9 en anteriores entradas, consultando los siguientes enlaces:<\/p>\n<ul>\n<li>Let&#8217;s Encrypt en Centos pincha <a href=\"https:\/\/blog.tiraquelibras.com\/?p=558\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/li>\n<li>Let&#8217;s Encrypt en Debian pincha <a href=\"https:\/\/blog.tiraquelibras.com\/?p=535\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/li>\n<\/ul>\n<hr \/>\n<h1>Instalaci\u00f3n Apache2<\/h1>\n<p>Instalamos el servidor web con Apache2:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">apt-get install apache2<\/pre>\n<p>Habilitamos el servicio para que se inicie autom\u00e1ticamente:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl enable apache2<\/pre>\n<p>Confirmamos que est\u00e1 corriendo:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl status apache2<\/pre>\n<p>Creamos el directorio webroot en donde albergaremos un VirtualHost:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">mkdir -p \/var\/www\/html\/email.tiraquelibras.com<\/pre>\n<p>En este creamos un archivo HTML simple<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">vi \/var\/www\/html\/correu2.yeloquehay.com\/index.html<\/pre>\n<p>con el siguiente contenido:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"html\">&lt;html&gt;\r\n &lt;body&gt;\r\n  &lt;center&gt;&lt;h1&gt;This is an example of email.tiraquelibras.com!&lt;\/h1&gt;&lt;\/center&gt;\r\n &lt;\/body&gt;\r\n&lt;\/html&gt;\r\n<\/pre>\n<p>Cambiamos los permisos del directorio y archivos para que sean propietarios de Apache:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">chown -R www-data: \/var\/www\/html\/<\/pre>\n<p>Creamos el VirtualHost para el dominio <strong><em>email.tiraquelibras.com <\/em><\/strong>con el comando<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">vim \/etc\/apache2\/sites-available\/email.tiraquelibras.com.conf<\/pre>\n<p>con el siguiente contenido:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">&lt;VirtualHost *:80&gt;\r\n\r\nServerAdmin email@email.com # Indica el email del admin\r\nServerName email.tiraquelibras.com\r\nDocumentRoot \/var\/www\/html\/email.tiraquelibras.com\r\n\r\nErrorLog ${APACHE_LOG_DIR}\/email.tiraquelibras.com_error.log\r\nCustomLog ${APACHE_LOG_DIR}\/email.tiraquelibras.com_access.log\r\n\r\n&lt;\/VirtualHost&gt;\r\n\r\n<\/pre>\n<p>Habilitamos el VirtualHost con el comando:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">a2ensite email.tiraquelibras.com.conf<\/pre>\n<p>Reiniciamos Apache:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl restart apache2<\/pre>\n<hr \/>\n<h1>Generaci\u00f3n del certificado<\/h1>\n<p>Generamos el certificado con el plugin para <strong>Apache<\/strong>:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">certbot --apache -d email.tiraquelibras.com<\/pre>\n<p>Nos preguntar\u00e1 si queremos que <strong>cerbot<\/strong> realice la configuraci\u00f3n necesaria para redirigir el tr\u00e1fico de <strong>HTTP<\/strong> hacia <strong>HTTPS<\/strong>, le indicamos que si seleccionando la opci\u00f3n 2:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n1: No redirect - Make no further changes to the webserver configuration.\r\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\r\nnew sites, or if you're confident your site works on HTTPS. You can undo this\r\nchange by editing your web server's configuration.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): \r\n<\/pre>\n<p>Una vez finalizado podr\u00edamos confirmar la configuraci\u00f3n del certificado desde la herramienta web https:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=email.tiraquelibras.com<\/p>\n<p>El programa ha creado el archivo de <strong>Apache<\/strong> para habilitar la configuraci\u00f3n <strong>HTTPS<\/strong> (\/etc\/apache2\/sites-available\/email.tiraquelibras.com-le-ssl.conf) con la redirecci\u00f3n pertinente desde el protocolo <strong>HTTP<\/strong>, y especificando la ruta en donde se encuentra el certificado que usaremos para el servicio de correo:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">SSLCertificateFile \/etc\/letsencrypt\/live\/email.tiraquelibras.com\/fullchain.pem\r\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/email.tiraquelibras.com\/privkey.pem<\/pre>\n<hr \/>\n<p>\u00cdndice general pincha <a href=\"https:\/\/blog.tiraquelibras.com\/?p=601\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Esta es una entrada dentro de la serie para la instalaci\u00f3n de un servidor de correo completo. \u00cdndice completo de contenidos pincha aqu\u00ed. Para poder<span class=\"read-more-link\"><a class=\"read-more\" href=\"https:\/\/blog.tiraquelibras.com\/?p=617\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":619,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,22],"tags":[48,58,57,25],"class_list":["post-617","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sistemas","category-ti","tag-apache","tag-certbot","tag-lets-encrypt","tag-ssl"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts\/617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=617"}],"version-history":[{"count":0,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts\/617\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/media\/619"}],"wp:attachment":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}