SSL for Webmail?


#1

Now that Webmail is up and running, are there any plans to add encryption?


#2

No, there aren’t any plans to add SSL on free webmail, just because the IPs doesn’t work with all the certificate providers and you need to use the self-signed one.


split this topic #3

2 posts were split to a new topic: I have an active SSL on cloudflare but my site couldn’t open on https


#4

The IP’s don’t work with certificate providers? Like whom? Sectigo, Let’s Encrypt?


#5

This is a restriction with all certificate providers. I don’t know any providers who provide certificates for IP addresses.

The problem is that the webmail is currently accessed on the URL http://185.27.134.244/roundcubemail/. This is a subdirectory on an IP address, not a domain name. SSL certificates can only be requested for domain names, not IP addresses. Therefore, it’s not possible to install SSL on the webmail without migrating it to a domain first.


#8

The IP is public right? I know of two providers. GlobalSign and DigiCert. Why are you using an IP anyways? Optimization reasons or something else?


#9

iFastNet is using a public IP for their webmail because of impossibility to install a SSL certificate and to use their self-signed certificate for their webmail. When they migrate the Webmail to a domain, they will install Let’s Encrypt as well, but I’m not sure.


#10

I have no idea why iFastNet didn’t put the webmail on a domain name. I don’t like the setup either, but it’s not my call to make.


#11

Public IP’s can have SSL. There are CA’s that provide them. Only private IP’s are against the rules. They are not cheap but for a growing business, it shouldn’t be a problem financially.


#12

The only reasons I can think of are to lower DNS request and cookies, but from what I’ve studied, it seems to offer little improvements and more hassle.