Hi I have some problem with SNI and dovecot 2.2.36.4
Server debian 9.x ad dovecot-2.2.36.4
default server ssl cert is a wildcard like *.domain.com (digicert)
ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem
I added for test another domain (in dns to) for another ssl (letsencrypt)
from https://wiki.dovecot.org/SSL/DovecotConfiguration
like:
local_name imap.mail.test.domain.com { ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem ssl_key = < /etc/dovecot/ssl/imap.mail.test.domain.com.key }
doveconf -n:
local_name imap.mail.test.domain.com { ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem ssl_key = # hidden, use -P to show it }
Now I test like: openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1
and dovecot show me default server cert (digicert) but not dedicated from letsencrypt
In DNS domain imap.mail.test.domain.com is not match *.domain.com
Any idea ?