SSL-secured services are now standard on modern networks, and protecting your data in transit from A to B is an issue you cannot ignore.
To replace the default certificate and private key of RaidenMAILD, you first need to apply for a new certificate, whether it is free or paid.
Free certificate: ZEROSSL, CertBot (Re-issue every 3 months)
Paid certificate: COMODO (Re-issue every 12 months)
FREE SSL CERTIFICATE: You could try ZEROSSL
After you get the certificate from ZEROSSL, rename the files as follows.
private.key -> privkey.pem
certificate.crt -> cert.pem
ca_bundle.crt -> cacert.pem
Then overwrite the old files in \SSL and restart RaidenMAILD for the change to take effect.
FREE SSL CERTIFICATE: You could try CertBot
1. Before applying for a certificate with CertBot, decide which method (HTTP or DNS) you will use to validate your domain identity. Unless your DNS updates take effect very quickly, we suggest HTTP validation. HTTP validation means that if you apply for a certificate with mail.abc.com as the Common Name, you need to have a website ready at mail.abc.com first.
2. Download and install CertBot; its default installation folder is C:\Program Files (x86)\CertBot. Open a DOS prompt with administrator permission and change to C:\Program Files (x86)\CertBot\Bin. Use the following command to apply for a certificate.
certbot certonly --manual --key-type rsa --preferred-challenges http -m youremail@yourdomain.com(PS1) -d mail.abc.com(PS2)
PS1: The email address responsible for the certificate.
PS2: The Common Name of the certificate, that is, your server's official network address.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Requesting a certificate for mail.abc.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
u2w5eHjQhmxJxGjk_rl8nHJwPRhcoFOylHt9ImWUlTI.MqsXsQ8Q-yjqAbhhkEFoasLYhRVruWUIkptzXh9us50
And make it available on your web server at this URL:
http://mail.abc.com/.well-known/acme-challenge/u2w5eHjQhmxJxGjk_rl8nHJwPRhcoFOylHt9ImWUlTI
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Pause here and prepare the validation file on your website. Once the validation file is ready, press Enter to continue.
Go to the root folder of the mail.abc.com website and create a folder named .well-known, then enter the .well-known folder and create a folder named acme-challenge.
In that folder, create a text file named u2w5eHjQhmxJxGjk_rl8nHJwPRhcoFOylHt9ImWUlTI whose content is u2w5eHjQhmxJxGjk_rl8nHJwPRhcoFOylHt9ImWUlTI.MqsXsQ8Q-yjqAbhhkEFoasLYhRVruWUIkptzXh9us50.
After the file is ready, test it via http://mail.abc.com/.well-known/acme-challenge/u2w5eHjQhmxJxGjk_rl8nHJwPRhcoFOylHt9ImWUlTI
If you can connect to this file successfully, continue in the DOS prompt.
Successfully received certificate.
Certificate is saved at: C:\Certbot\live\mail.abc.com\fullchain.pem
Key is saved at: C:\Certbot\live\mail.abc.com\privkey.pem
This certificate expires on 2022-10-27.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The issued certificate is stored in C:\CertBot. Open C:\CertBot\archive\mail.abc.com to see the following files.
cert.pem : Your certificate
privkey.pem : Private key
chain.pem : chain certificate
fullchain.pem: full chain certificate
Rename chain.pem to cacert.pem, copy cert.pem, privkey.pem and cacert.pem to <RaidenMAILD>\SSL to overwrite the old files, and restart the RaidenMAILD service for the change to take effect.
You need to apply for a new certificate every three months.
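A pre-install check for the Certbot files, as an added PowerShell example that is not part of RaidenMAILD or Certbot: it confirms each file holds the expected PEM block type and that the leaf certificate is unexpired and issued for the mail host, backs up the old files, then writes the new ones under the names above. The $SslDir default is a placeholder for <RaidenMAILD>\SSL, $Source is the live folder shown in the Certbot output, and the script does not prove that privkey.pem matches cert.pem.

```powershell
# Added example, not RaidenMAILD or Certbot code. The $SslDir default is a
# placeholder for <RaidenMAILD>\SSL; $Source is the folder Certbot reported.
param(
    [string]$Source   = 'C:\Certbot\live\mail.abc.com',
    [string]$SslDir   = 'C:\PLACEHOLDER\RaidenMAILD\SSL',
    [string]$HostName = 'mail.abc.com'
)
$ErrorActionPreference = 'Stop'

# Issued file -> (name expected in \SSL, PEM block type it must hold).
$files = [ordered]@{
    'cert.pem'    = @('cert.pem',    'CERTIFICATE')
    'privkey.pem' = @('privkey.pem', 'PRIVATE KEY')
    'chain.pem'   = @('cacert.pem',  'CERTIFICATE')
}

# 1) Check every file before touching the live folder.
$pem = @{}
foreach ($name in $files.Keys) {
    $target, $type = $files[$name]
    $pem[$name] = Get-Content -Raw -Path (Join-Path $Source $name)
    $labels = @([regex]::Matches($pem[$name], '-----BEGIN ([A-Z ]+)-----') |
                ForEach-Object { $_.Groups[1].Value })
    if ($labels.Count -eq 0 -or ($labels | Where-Object { $_ -notlike "*$type" })) {
        throw "$name is not a $type file (blocks found: $($labels -join ', '))"
    }
    if ($target -ne 'cacert.pem' -and $labels.Count -ne 1) {
        throw "$name holds $($labels.Count) blocks; $target must hold exactly one"
    }
}

# 2) The leaf certificate must be unexpired and issued for the mail host.
$leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Join-Path $Source 'cert.pem'))
$dns = $leaf.GetNameInfo('DnsName', $false)
if ($leaf.NotAfter -lt (Get-Date)) { throw "cert.pem expired on $($leaf.NotAfter)" }
if ($dns -ne $HostName) { throw "cert.pem is for '$dns', expected '$HostName'" }

# 3) Keep the old files, then install the new ones under the expected names.
$backup = Join-Path $SslDir ('backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backup | Out-Null
foreach ($name in $files.Keys) {
    $dest = Join-Path $SslDir $files[$name][0]
    if (Test-Path $dest) { Copy-Item -Path $dest -Destination $backup }
    Set-Content -Path $dest -Value $pem[$name] -NoNewline -Encoding Ascii
}
"Installed certificate for $dns, valid until $($leaf.NotAfter). Restart RaidenMAILD."
```

Because all checks run before step 3, a swapped or truncated file stops the script with the old certificate still in place.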
PAID SSL CERTIFICATE: You could try COMODO SSL (cheapest). If you need to generate a CSR, try CSRGENERATOR.
PS: Make sure to copy the private key content to a text file and name it privkey.pem; we need this file later.
Example:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUF4uaR0vPRQ7D
.
.
.
.
.
.
.
.
rct88LuVNg+E7SK4gz51mAbuCDu08QWc6H4cy8x48wr+n4HTLbfK/qMQrVO1ZsZU
C7tte0LvlYjEfko+8zwilDN1wTjWgPszY5wQa4CrpQgkjpOBiZj36tdWn8O+uIO1
67XYtosxrZdDUMsApQyfPtRx
-----END PRIVATE KEY-----
After you get the certificate files, they should look something like this.
Rename the files as follows.
1) www_raidenmaild_com.crt -> cert.pem
2) SectigoRSADomainValidationSecureServerCA.crt -> cacert.pem
After the steps above are done, you have 3 files ready to use.
They are cert.pem, cacert.pem and privkey.pem.
Copy them to the <RaidenMAILD>\SSL folder to overwrite the old files and restart your service for the change to take effect.