https://wiki.dovecot.org/SSL/DovecotConfiguration#Different_certificates_per...
says:

    local 192.0.2.10 { # instead of IP you can also use hostname, which will be resolved

However, if the name resolves to multiple values, only one is used.
Test. Choose any name with multiple values; I created a local name:

    $ nslookup multi.lan
    Server:   127.0.0.1
    Address:  127.0.0.1#53

    Name:     multi.lan
    Address:  192.168.1.2
    Name:     multi.lan
    Address:  192.168.1.3
    Name:     multi.lan
    Address:  192.168.1.1

Minimal dovecot.conf:

    local multi.lan {
      protocol imap {
        ssl_cert = </path/to/certs/multi.lan.crt
        ssl_key = </path/to/certs/multi.lan.key
      }
    }

    $ dovecot -n -c dovecot.conf
    # 2.3.5 (513208660): dovecot.conf
    ...
    local 192.168.1.2 {
      protocol imap {
        ssl_cert = </path/to/certs/multi.crt
        ssl_key = # hidden, use -P to show it
      }
    }

Only 192.168.1.2 appears.
In my real case with A and AAAA records, only the AAAA record is used. Testing with "openssl s_client -starttls imap ..." gives me the wrong certificate for the IPv4 address. Workaround: specify all addresses and do not use lookup.
James.
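
A check for the behaviour reported above, as an added example that is not part of the original post or of Dovecot: it compares the addresses a name resolves to against the `local` blocks in `dovecot -n` output and lists the addresses that have no block, which would be served the default certificate. The function names are hypothetical, and the sample input is constructed from the values in the post.

```python
import ipaddress
import re
import socket

# Matches "local <addr> {" but not "local_name <host> {".
LOCAL_RE = re.compile(r"^\s*local\s+(\S+)\s*\{", re.MULTILINE)

def local_networks(doveconf_output):
    """Networks named by `local <addr>[/mask] {` blocks in `dovecot -n` output."""
    nets = []
    for token in LOCAL_RE.findall(doveconf_output):
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # not an address (e.g. a hostname); nothing to compare against
    return nets

def resolve_all(hostname):
    """Every A and AAAA address for hostname (live lookup; the sample does not use it)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def uncovered(addresses, doveconf_output):
    """Addresses that no `local` block in the effective configuration covers."""
    nets = local_networks(doveconf_output)
    missing = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(addr)
    return missing

# Constructed sample: the three addresses of multi.lan and the effective
# configuration as shown in the post.
SAMPLE_ADDRESSES = ["192.168.1.2", "192.168.1.3", "192.168.1.1"]
SAMPLE_DOVECONF = """\
local 192.168.1.2 {
  protocol imap {
    ssl_cert = </path/to/certs/multi.crt
    ssl_key = # hidden, use -P to show it
  }
}
"""

if __name__ == "__main__":
    for addr in uncovered(SAMPLE_ADDRESSES, SAMPLE_DOVECONF):
        print("no local block for", addr)
```

For a live check, pass `resolve_all("multi.lan")` and the captured output of `dovecot -n` instead of the sample values.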