Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates. For more information see

Lets convert the Certbot certificate to qmail:

# cd /usr/local/etc/letsencrypt/live/
# cat fullchain.pem > /var/qmail/control/servercert.pem
# cat privkey.pem >> /var/qmail/control/servercert.pem

Now lets give proper ownership to the files:

# cd /var/qmail/control
# chown root:nofiles servercert.pem

The "nofiles" group is the group which "qmaild" belongs to. This combination of ownership and permissions allows qmail-smtpd to read the key, but not change or delete it.

# chmod 640 servercert.pem
# cp servercert.pem clientcert.pem
# chown root:qmail clientcert.pem
# chmod a+r /var/qmail/control/servercert.pem

The "qmail" group is the group with the "qmailr" user belongs to. This user should be able to read, but not write, the "clientcert.pem" file.

# chmod 640 clientcert.pem