Mailing List Message #106912
From: Shaun Gamble <>
Subject: Re: Lets Encrypt for CGP on WIndows
Date: Mon, 30 Jul 2018 10:24:35 +1000
To: CommuniGate Pro Discussions <>

Thanks Nicolas. I'll delay in doing anything here as I have yet to successfully automate the actual renewal. The import is a small part in comparison.

The CA is listed as expiring in 2021. However, it appears to be included in the actual certificate as well. So it is there. Which means webadmin is probably a better way to go here.

There is a Perl based script for LE, but I am nowhere near ready to look at it :-)

On 27/07/2018 10:47 PM, Nicolas Hatier wrote:

If you're sure the Let's Encrypt CA won't change (it did in the past though), you can comment the $cafile part.

However you will likely have to modify the script to split the certificate file into individual certificates. The CGP webadmin interface is much more forgiving than the CLI interface.

For HTTP access, you could possibly use a user website - http://cgserver/~user/..., though I'm not sure if CGP caches the file list, you may have to either restart CGP or use CLI (WRITESTORAGEFILE) to put the file there.


On 2018-07-26 21:45, Shaun Gamble wrote:
I'm having another go with your script. I didn't realise you were using DNS.

For Windows, I use LE64.exe to update the Let's Encrypt certificate. I am not using Cygwin like you so I am not sure how I can automate the renewal. I can run the file in a batch file but updating my DNS records (I administer all of my DNS records on my ISP) is beyond me with a script.

The following is the command line to use:

le64.exe --key account.key --csr mail.csr --csr-key mail.key --crt mail.crt --domains "domain" --generate-missing --handle-as dns --renew 10 --issue-code 100 --live

Two things. I am using the script from the Paste Bin URL you posted in this thread. le64.exe uses only one crt and one csr.

I am a little fuzzy on this and may be muddled here but you have listed two crt files, one being the CA. The crt file I get from LE using LE64 actually appears to have two crt files in one. In other words, the --begin-- --end-- appears twice in the one file.

I manually import the crt file at this stage doing the following:

When importing into CGP:


DO NOT SELECT Remove Key and Certificate.

Under Domain Certificate, select "Remove Certificate"

Then paste the contents of mail.crt into CA response.

Based on this, would I simply comment out the $cafile ? Keep in mind this is a renewal and the CA is optional but appears to be included in the crt file and imported by CGP anyway.

Once I get this, I'll need to work out how to automate renewing the certificate.

Is there anyway we can place a file in the CGP directory to allow http access (ie http://mail.cgpserver.dom/file.html)? While I can place files in the folder to change logos etc. this does not appear possible for http verification.

On 27/07/2018 1:34 AM, Nicolas Hatier wrote:

Earlier in this thread I shared a script I use (on Windows and Linux) to update CGP certificates.

I use getssl on Windows to automate the certificate renewal, hooked to a custom script that does DNS verification. The custom script is specifically designed for my DNS provider, you will need to find or write one for yours.


On 2018-07-25 22:28, Shaun Gamble wrote:
It depends upon which OS you use. If it is *nix based then it is not so bad and can be automated. Windows is a bit of a PITA. I have to renew manually. I also have to verify with DNS rather than http which is a PITA.

There are quite a few links pointing you in the right direction. My apologies if you have already seen these.

On 25/07/2018 8:19 PM, Andre Mueller wrote:


I found this discussion thread about "Let's Encrypt" certificates and integration in CGP (last post on 28.12.2017).

I would appreciate it very much if CommuniGate Pro Support could integrate a small how-to for the integration of "Let's Encrypt" certificates in the CommuniGate Pro on-line help and documentation (

Of interest would also a how-to for the case that the CommuniGate Pro has to serve different domains.

Many thanks in advance and best regards,


This message is sent to you because you are subscribed to
 the mailing list <>.
To unsubscribe, E-mail to: <>
To switch to the DIGEST mode, E-mail to <>
To switch to the INDEX mode, E-mail to <>
Send administrative queries to <>

Fitzroy Island <> Cairns, QLD
Destination Darwin NT <> Darwin, NT
MOM Backpackers <> Darwin, NT
Value Inn Hotel <> Darwin, NT
Crocosaurus Cove <> Darwin, NT
Please do not send any unsolicited email. It is not wanted. 
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster