Nous aurons besoin d'un tel certificat pour mettre en œuvre le chiffrement des communications, aussi bien SMTP que IMAP.

Utilisation de let's encrypt et de certbot pour la gestion de TLS. home.nain-t.net étant un sous-domaine de nain-t.net, DNS doit savoir résoudre les FQDN home.nain-t.net et mail.home.nain-t.net. Pour les besoins de certbot, des adresses IPv6 suffisent dans la zone nain-t.net:

home.nain-t.net.  	AAAA 	2a01:e0a:875:b1d0::10
mail.home.nain-t.net.	CNAME 	home.nain-t.net.

certbot certonly --standalone -d home.nain-t.net. -d mail.home.nain-t.net.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for home.nain-t.net and mail.home.nain-t.net

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/home.nain-t.net/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/home.nain-t.net/privkey.pem
This certificate expires on 2025-07-28.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -