On 24.04.22 02:45, Richard Hector wrote:
> On 22/04/22 11:57, Joseph Tam wrote:
>> Keep in mind the subject name (CN or SAN AltNames) of your certificate must match your IMAP server name e.g. if your certificate is made for "www.mydomain.com", you'll have to configure your IMAP clients to also use "www.mydomain.com" as the IMAP server name.
>> This typically means the web and IMAP server must reside on the same server, otherwise you'll have to use DNS challenge method to support multiple hostnames on the same certificate.
>
> _A_ web server has to be there. It doesn't have to serve anything else useful. My mail server has a web server that only serves the LE challenge. Well, actually it's a proxy server that serves several other domains too, but there's nothing else served on that domain (at the moment).

If it wasn't already mentioned in this thread:
acme.sh (https://github.com/acmesh-official/acme.sh) has a built-in standalone webserver which can be used in such cases, there's no need for an additional web server. And Certbot has this functionality too.
acme.sh is a very simple and stable solution - it's just a shell script, no dependencies. I'm using it on a number of servers (together with Apache/Nginx or with the built-in standalone mode on mail gateways) without any problem.
Regards, Markus
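
The name-matching rule quoted at the top of this thread, as an added example (not code from the thread, acme.sh or Certbot): it checks which IMAP server names a certificate's names cover, using RFC 6125 style matching. The function names and the hostnames `mail.mydomain.com` and `imap.mydomain.com` are constructed for illustration.

```python
import ipaddress

def name_matches(pattern, hostname):
    """True if one certificate DNS name (possibly a wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False                      # label counts must agree, no empty labels
    if p[0] == "*":
        # A wildcard is the whole leftmost label, stands for exactly one
        # label, and needs at least two labels after it ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h  # partial wildcards like "w*" are refused

def cert_covers(san_dns_names, common_name, hostname):
    """True if a client connecting to hostname would accept the certificate's names."""
    try:
        ipaddress.ip_address(hostname)
        return False                      # DNS names never match an IP literal
    except ValueError:
        pass
    # CN is consulted only when the certificate carries no SAN DNS names;
    # many current clients ignore CN altogether, so issue with SANs.
    names = san_dns_names or ([common_name] if common_name else [])
    return any(name_matches(n, hostname) for n in names)

def audit(san_dns_names, common_name, client_hosts):
    """Map each server name configured in mail clients to covered / not covered."""
    return {h: cert_covers(san_dns_names, common_name, h) for h in client_hosts}

if __name__ == "__main__":
    # Constructed sample: the web-only certificate from the thread, then one
    # reissued with both hostnames (e.g. via DNS challenge or a shared web root).
    clients = ["www.mydomain.com", "mail.mydomain.com"]
    print(audit(["www.mydomain.com"], "www.mydomain.com", clients))
    print(audit(["www.mydomain.com", "mail.mydomain.com"], "www.mydomain.com", clients))
    print(audit(["*.mydomain.com"], None, ["imap.mydomain.com", "mydomain.com"]))
```
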