How to use Letsencrypt Certificate for Qmail

It has been a while since I have written a technical blog. So thought I start with Qmail. I had installed Qmail on Centos 6.6 version. The process may vary little from Centos 7 and other linux flavours. Qmail supports smtp (port 25) and submission service (port 587).Long time back I had setup a Qmail server using Roberto Puzzanghera's blueprint with both these services.
Lot of ISPs from European countries have started blocking port 25 so you will depend on the submission port to send out your mails. Submission port requires certificates. You can use self-sign certificates to get through your testing phase. But when it come to production you will need a third party certificate. Enter Letsencrypt to the rescue. They provide free single domain and multidomain (SAN) certificates for websites. These can be used for email servers as well.

One of the requirements is you need to setup ServerName of email server in apache.

Add hostnames of your mail server to apache config
vi /etc/httpd/conf/httpd.conf   
<VirtualHost *:80>
Restart apache   
service httpd restart   

Backup your present certificates
mkdir /usr/local/src/certs
cp /var/qmail/control/*.pem /usr/local/src/certs

Download certbot-auto
chmod a+x certbot-auto

Install your certificate
This script will install bunch of stuff including python.

./certbot-auto --apache certonly --cert-name -d -d -d -d  -d

Combine private key with certificate   
Qmail expects the private key and certificate combined together

cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /var/qmail/control/servercert.pem 

qmailctl restart

Test Renewal
The certificates needs to be renewed every 90 days
./certbot-auto renew --dry-run

If this works try renewing
certbot-auto renew

Create a cronjob to renew certificate every month
sudo vi

/root/certbot-auto renew
cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /var/qmail/control/servercert.pem
/usr/local/bin/qmailctl restart

chmod 755

crontab -e

#Script to renew qmail certificate at 12:00AM on the 20th of every month
0 0 20 * * /root/ >> /var/log/customcron.log 2>&1