fix examples cert4mail 08.01.2022:18.22

certbot4mail/certbot4mail.conf

@@ -1,5 +1,5 @@
 adminmail="admin@mydomen.com";
-webcrt="/home/wwwmails/letsencrypt";
+webcrt="/home/wwwmail/letsencrypt";
 domains=( 
  "mail.mydomen.com" 
  );

certbot4mail/examples/nginx/sites-avalable/http_mail-mydomen

@@ -5,7 +5,7 @@ server {
     if ($http_host !~ "^mail.mydomen.ru$"){
         rewrite ^(.*)$ http://mail.mydomen.ru$1 redirect;
     }
-    root /home/www/letsencrypt;
+    root /home/wwwmail/letsencrypt;
 
     error_log /var/log/nginx/err-mail_mydomen_ru.log;
     access_log /var/log/nginx/access-mail_mydomen_ru.log;

certbot4mail/examples/nginx/templates/letsencrypt.conf

@@ -1,7 +1,7 @@
 location /.well-known {
    allow all;
    default_type "text/plain";
-   alias /home/www/letsencrypt/.well-known;
+   alias /home/wwwmail/letsencrypt/.well-known;
  }
 
  location = /.well-known {

certbot4mail/examples/stunnel.conf

@@ -0,0 +1,126 @@
+; Sample stunnel configuration file for Unix by Michal Trojnara 2002-2015
+; Some options used here may be inadequate for your particular configuration
+; This sample file does *not* represent stunnel.conf defaults
+; Please consult the manual for detailed description of available options
+
+; **************************************************************************
+; * Global options                                                         *
+; **************************************************************************
+
+; It is recommended to drop root privileges if stunnel is started by root
+;setuid = stunnel4
+;setgid = stunnel4
+
+; PID file is created inside the chroot jail (if enabled)
+pid = /var/run/stunnel4/stunnel.pid
+
+; Debugging stuff (may be useful for troubleshooting)
+;foreground = yes
+;debug = info
+output = /var/log/stunnel4/stunnel.log
+
+; Enable FIPS 140-2 mode if needed for compliance
+;fips = yes
+fips = no
+; **************************************************************************
+; * Service defaults may also be specified in individual service sections  *
+; **************************************************************************
+
+; Enable support for the insecure SSLv3 protocol
+options = -NO_SSLv3
+sslVersion = TLSv1.2
+
+; These options provide additional security at some performance degradation
+;options = SINGLE_ECDH_USE
+;options = SINGLE_DH_USE
+
+; **************************************************************************
+; * Include all configuration file fragments from the specified folder     *
+; **************************************************************************
+
+;include = /etc/stunnel/conf.d
+
+; **************************************************************************
+; * Service definitions (remove all services for inetd mode)               *
+; **************************************************************************
+
+; ***************************************** Example TLS client mode services
+
+; The following examples use /etc/ssl/certs, which is the common location
+; of a hashed directory containing trusted CA certificates.  This is not
+; a hardcoded path of the stunnel package, as it is not related to the
+; stunnel configuration in /etc/stunnel/.
+
+;[mydomen-pop3]
+;client = yes
+;accept = 127.0.0.1:110
+;connect = pop3.mydomen.ru:995
+;verifyChain = yes
+;CApath = @sysconfdir/ssl/certs
+;checkHost = pop3s.mydomen.ru
+;OCSPaia = yes
+
+;[mydomen-imap]
+;client = yes
+;accept = 127.0.0.1:143
+;connect = imap.mydomen.ru:993
+;verifyChain = yes
+;CApath = @sysconfdir/ssl/certs
+;checkHost = imaps.mydomen.ru
+;OCSPaia = yes
+
+;[mydomen-smtp]
+;client = yes
+;accept = 127.0.0.1:25
+;connect = smtp.mydomen.ru:465
+;verifyChain = yes
+;CApath = @sysconfdir/ssl/certs
+;checkHost = smtps.mydomen.ru
+;OCSPaia = yes
+
+; ***************************************** Example TLS server mode services
+
+[pop3s]
+accept  = 10.2.2.8:995
+connect = 10.2.2.8:110
+cert=/etc/letsencrypt/live/mail.mydomen.ru/fullchain.pem
+key=/etc/letsencrypt/live/mail.mydomen.ru/privkey.pem
+
+[imaps]
+accept  = 10.2.2.8:993
+connect = 10.2.2.8:143
+cert=/etc/letsencrypt/live/mail.mydomen.ru/fullchain.pem
+key=/etc/letsencrypt/live/mail.mydomen.ru/privkey.pem
+
+[smtps]
+accept  = 10.2.2.8:465
+connect = 10.2.2.8:587
+cert=/etc/letsencrypt/live/mail.mydomen.ru/fullchain.pem
+key=/etc/letsencrypt/live/mail.mydomen.ru/privkey.pem
+
+; TLS front-end to a web server
+;[https]
+;accept  = 443
+;connect = 80
+;cert = /etc/stunnel/stunnel.pem
+; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
+; Microsoft implementations do not use TLS close-notify alert and thus they
+; are vulnerable to truncation attacks
+;TIMEOUTclose = 0
+
+; Remote shell protected with PSK-authenticated TLS
+; Create "/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs
+;[shell]
+;accept = 1337
+;exec = /bin/sh
+;execArgs = sh -i
+;ciphers = PSK
+;PSKsecrets = /etc/stunnel/secrets.txt
+
+; Non-standard MySQL-over-TLS encapsulation connecting the Unix socket
+;[mysql]
+;cert = /etc/stunnel/stunnel.pem
+;accept = 3307
+;connect = /run/mysqld/mysqld.sock
+
+; vim:ft=dosini