On Sat, 7 Sep 2019, Remo Mattei wrote:
Thanks Michael I will check with the free cert lets encrypt to test it.
If all your certificate subjects are domains under your control, such as when they are aliases of each other (e.g. smtp.domain.tld, pop3.domain.tld, imap.domain.tld, webmail.myotherdomain.tld, ...), you may find it more convenient to obtain a SAN (Subject Name Alternative) certificate, which allows multiple subjects to be specified in one certificate. Alternatively, you can also get a wildcard domain if all your subjects are in the same domain.
There are obvious advantages to this: one (and only one) certificate to add to the dovecot configuration, one renewal every ~60 days requiring one restart of the dovecot service (minimizes disruptions), etc.
A disadvantages is it's a little trickier to set up your ACME bot (and maybe your DNS service) to get a wildcard/SAN certificate.
Joseph Tam jtam.home@gmail.com