How can we improve Kerio Connect?

Add support for Letsencrypt

Please add full support for letsencrypt certificates

https://letsencrypt.org/

486 votes
Vote
Sign in
Signed in as (Sign out)
You have left! (?) (thinking…)
gobbli shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

28 comments

Sign in
Signed in as (Sign out)
Submitting...
  • Norbert Dollansky commented  ·   ·  Flag as inappropriate

    The recommendation for this workaround (Nginx) will not solve the problems.
    Please implement Letsencrypt not only in Kerio Connect, but also in Kerio control. Of course with automatic renew. This means that even other HTTPS services could run behind the Kerio control. Of course, without having to buy expensive certificates and having to renew them manually every year - this does not work if you have many customers with control and connect - this is working time destruction.

  • Peter Bowles commented  ·   ·  Flag as inappropriate

    Is there a reason that the official position is to use purchased certificates and not use Let's Encrypt, I mean a better reason that that it would require you to do some development work.

  • Alex Weber commented  ·   ·  Flag as inappropriate

    "GFI official position is to use purchased certificates for use with Kerio Connect and not use free Let’s Encrypt certificates"

    Why? There is no technical reason not to support Let’s Encrypt certificates. The first request for this feature dates back to February 2016 and now you discover an "official position" because you have not been able to implement an important security feature? Not supporting Let’s Encrypt means ignoring possibilities to secure your mail server and ignoring customers.

  • Chris Weiss commented  ·   ·  Flag as inappropriate

    really? a link to a blog that says right at the top that it's outdated? and the "new" version encourages you to use something besides kerio? nice.

    just make kerio allow the .wellknown folder to accept externally added files and we're done here.

    I currently use the ngnix method and regularly get gateway timeouts, especially during backup windows, which I know is an IO issue on my end, but ngnix's reverse proxy timeouts are not as tolerant as browsers are, even with crazy high values entered.

  • Alex Weber commented  ·   ·  Flag as inappropriate

    Sorry, this answer is ridiculous! May be you should post an addition description how to replace Kerio with a set of open source products.
    We bought Kerio to replace open-source product with something which is easy to use. Now you recommend to go back??

  • Ronny Fischer commented  ·   ·  Flag as inappropriate

    Pleas implement this in the next update.
    It's a novelty which should be easy to integrate and has a huge benefit for all users and administrators.

  • Finger Patrick commented  ·   ·  Flag as inappropriate

    we need it too, please implement this. Take a look to Plesk there works fine. Hope is comming a.s.a.p.

  • Gary McDonald commented  ·   ·  Flag as inappropriate

    This would be amazing. Apple and devices are a pain to get working since the latest ios updates. It's an admin pain to buy a CA cert and get it renewed every year for each customer we have.

  • Admin commented  ·   ·  Flag as inappropriate

    Adding certbot support to issue and auto renew SSL certificates would be great.

    Requires the web server to recognise .well-known/acme-challenge, a cron job to auto renew and a hook to restart services when a new certificate is issued (every 3 months).

    Vital as even small organisations can no longer use self signed certificates as iPhones/iPads will not honour them for mail.

  • Chris Weiss commented  ·   ·  Flag as inappropriate

    certbot could easily be used if the embedded web server would honor the needed files in a ".well-known" folder. full support would be nice though.

← Previous 1

Feedback and Knowledge Base