On 2023-09-27, dovecot--- via dovecot dovecot@dovecot.org wrote:
Quick Q: Can dovecot use wildcard TLS Certificates?
I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - it's coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue.
If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting.
Check that you have configured dovecot to serve any required intermediate certs. If you post the hostname others can take a look and let you know if that's the problem.
I use wildcard certs on my dovecot.
ssl_cert = </var/lib/certs/example.com/fullchain.pem
ssl_key = </var/lib/certs/example.com/privkey.pem
I don't remember if it was dovecot specific, but I did have issues making the cert with ONLY a wild card entry such as "*.example.com". I fixed the issue by creating the cert with two entries, one for "example.com" and one for "*.example.com".
That is standard. A wildcard for *.example.com covers <somename>.example.com but not <somename>.<somename>.example.com or plain example.com.
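
The matching rule described in the last two replies, as an added example that is not part of the thread: a small checker that tells you whether a name a client connects to is covered by a certificate's entries, and if not, why. The function names and the sample hostnames are assumptions made for illustration; partial wildcards such as "f*.example.com" are refused in this sketch.

```python
# Added example: left-most-label wildcard matching for certificate names.
# All hostnames and entry lists used with it are constructed sample values.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def san_matches(hostname: str, san: str) -> bool:
    """True if one certificate entry (exact or wildcard) covers hostname."""
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat) or "" in host:
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if any("*" in label for label in pat[1:]):
        return False  # wildcard is only honoured in the left-most label
    if pat[0] == "*":
        # Require two fixed labels after the wildcard, so "*.com" is refused.
        return len(pat) >= 3 and host[1:] == pat[1:]
    if "*" in pat[0]:
        return False  # partial wildcards are refused in this sketch
    return host == pat


def explain(hostname: str, sans: list[str]) -> str:
    """Say which entry covers hostname, or why no wildcard entry does."""
    hits = [s for s in sans if san_matches(hostname, s)]
    if hits:
        return f"covered by {hits[0]}"
    host = _labels(hostname)
    for s in sans:
        pat = _labels(s)
        if pat[0] != "*":
            continue
        base = pat[1:]
        if host == base:
            return (f"not covered: {s} does not include the bare domain; "
                    f"add {'.'.join(base)} as a second entry")
        if len(host) > len(pat) and host[-len(base):] == base:
            return f"not covered: {s} matches only one label"
    return "not covered: no entry matches"


if __name__ == "__main__":
    entries = ["*.example.com"]  # constructed: a wildcard-only certificate
    for name in ("mail.example.com", "example.com", "imap.mail.example.com"):
        print(f"{name}: {explain(name, entries)}")
```

Run it against the exact name the mail client is configured to connect to, since that is the name the client compares with the certificate.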