The Linux Page

Setting up Postfix/Courier with a GoDaddy SSL certificate

In order to have TLS support for Postfix you need to setup several files.

First of all, you create a certificate and get it signed by GoDaddy. They have instructions for that purpose. At this time, it looks something like this:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

The names "domain.key/csr" should match your domain name. If you are signing a specific sub-domain, you may want to include that sub-domain in the filename (i.e. mail.domain.key.)

When GoDaddy returns to you, they will give you a zip file with two files:


The Postfix installation requires a few flags to get things to work on that end. Something like this should work on Ubuntu. You may want to read the documentation about each one of these options before using them.

smtp_tls_loglevel = 0
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/ssl/certs/
smtpd_tls_cert_file = /etc/postfix/tls/server.pem
smtpd_tls_key_file = /etc/postfix/tls/key.pem
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

The key.pem file is your private key. The private key starts with the line:


The server.pem file is a concatenation of the signed public key and GoDaddy bundle. This means:

cat gd_bundle.crt >server.pem

The .crt file is a public key so it starts with:


The bundle helps the postfix system to find all the necessary certificates.

Once you have that done, you can create the necessary .pem files for courier. We only use IMAP3 and POP3, but I would imadigine that the SMTP file is the same. Those files include all the certificates and keys. All in one.

cat domain.key gd_bundle.crt >imapd.pem
cp imapd.pem pop3d.pem

Of course, you will have to restart postfix and courier accordingly.

service postfix restart
service courier-imap-ssl restart
service courier-pop-ssl restart

Now it should work. Good luck, you'll probably need it.

Re: Setting up Postfix/Courier with a GoDaddy SSL certificate

Thank you for the write up. Great start but there are inconsistencies in the file names that you are using. Making perfect sense is a bit confusing to follow exactly.