Change the value of $NEWPASS  to your password that you set when you installed hamilserver.

$maildomain = "mail.float.i.ng"  ## ask question what domain ?

$mailaddress = "admin@$maildomain"

# for automated installations on EC2,  the password will be your instance ID
#$NEWPASS = (New-Object System.Net.WebClient).DownloadString("http://169.254.169.254/latest/meta-data/instance-id")

$NEWPASS = "INSTANCE-ID"

#Create Cert from Letsencrypt

#cd "C:\Program Files\win-acme"

cd "C:\Program Files\win-acme.v2.1.19.1142.x64"

.\wacs.exe --source manual --host $maildomain  --certificatestore My --installation iis --installationsiteid 1 --accepttos   --emailaddress $mailaddress --pemfilespath c:\certs  --verbose

$hm = New-Object -ComObject hMailServer.Application

## remember to actually create  this user so letsencrypt can email

$hm.Authenticate("Administrator","$NEWPASS")  | Out-Null

$hmAddDomain = $hm.Domains.Add()

$hmAddDomain.Name = "$maildomain"

$hmAddDomain.Active = $true

$hmAddDomain.Save()

$Windows_SSLCert_Name = $maildomain

$SSLCert_KEY_Private = "c:\certs\$maildomain-key.pem"

$SSLCert_CRT_Public = "c:\certs\$maildomain-crt.pem"

$hm_SSLCert_New = $hm.Settings.SSLCertificates.Add()

$hm_SSLCert_New.Name = $Windows_SSLCert_Name

$hm_SSLCert_New.PrivateKeyFile = $SSLCert_KEY_Private

$hm_SSLCert_New.CertificateFile = $SSLCert_CRT_Public

$hm_SSLCert_New.Save()

# Add mailbox to domain

$maildomain = $hm.Domains.ItemByName($maildomain)

$hmAccount = $maildomain.Accounts.Add()

$hmAccount.Address = $mailaddress

$hmAccount.Password = "$NEWPASS"

$hmAccount.Active = $true

$hmAccount.MaxSize = 100

$hmAccount.Save()

DISABLE windows firewall if it is enabled, you won’t have access. You can configure the Windows firewall to allow all 4 ports.

Easy is superior to following long instructions! You can have this done for you in a pre-installed EC2 AMI image. See it at: AWS Marketplace: Hmailserver with Roundcube Webmail – Complete Windows Email Server (amazon.com)

Now test whether you can receive and send emails, setup your favorite email client with user admin@YOURDOMAIN and the password is what is set in $NEWPASS in the above script (INSTANCE-ID)

Restart the hmail server

SInce y9uo already ran the above script open hmailserver admin

for smtp port 25 select starttls optional, otherwise you won’t be able to get email from servers without certs. For extra sensitive security like HIPA you will need to use required

Select your cert that the script created

Press save, then Select no until you have setup all 4 port with your cert.

For ports other than 25 select starttls required, 110, 143, 587

If your hmailserver is still not available, reboot your Windows Server

troubleshooting

Run the hmailserver troubleshooter, put your domain in the right side.

In my case I had neglected to make an MX record, so nothing worked.

test ports from any Windows Powershell with the following, change Computername to your FQDN and port to whichever you want to test 443, 25, 110, 587 or 443 for secure WWW

Test-NetConnection -ComputerName localhost -Port 443

also from linux

dig yourfqdn MX

in addition to forgetting MX record, I apparently left out setting the ssl cert for default IIS website.

My issue in the end was having default website for 443 mis-set

Run

Get-WebBinding

than remove the old ones, change the port and host name