Domains on different IPs
I want to supply separate Letsencrypt certificates for each virtual domain and seeing that SNI does not work I need to allocate separate IPs. Could anyone give some pointers, or keywords to search for, on...
a) how to make dovecot listen for different domains on different IPs?
b) how to configure separate SSL certs for each of these IPs?
On December 17, 2016 at 1:35 PM Mark Constable markc@renta.net wrote:
I want to supply separate Letsencrypt certificates for each virtual domain and seeing that SNI does not work I need to allocate separate IPs. Could anyone give some pointers, or keywords to search for, on...
a) how to make dovecot listen for different domains on different IPs?
b) how to configure separate SSL certs for each of these IPs?
Au contraire, dovecot does support SNI. On earlier versions, it works by specifying
local_name server.name { ssl_cert=
with 2.2.27, you can also do
local_name "some.name other.name more.name *.name" { ssl_cert=
Aki
On Sat, Dec 17, 2016 at 1:35 PM, Mark Constable markc@renta.net wrote:
I want to supply separate Letsencrypt certificates for each virtual domain and seeing that SNI does not work I need to allocate separate IPs. Could anyone give some pointers, or keywords to search for, on...
a) how to make dovecot listen for different domains on different IPs?
b) how to configure separate SSL certs for each of these IPs?
The way we do it is by specifying each IP address and certificate in 10-ssl.conf
ssl = yes
local xxx.xxx.xxx.xxx { # instead of IP you can also use hostname, which will be resolved
protocol imap {
ssl_cert = </usr/local/etc/postfix/keys/domainA.crt
ssl_key = </usr/local/etc/postfix/keys/domainA.key}
}
local xxx.xxx.xxx.xxx { # instead of IP you can also use hostname, which will be resolved
protocol imap {
ssl_cert = </usr/local/etc/postfix/keys/domainB.crt
ssl_key = </usr/local/etc/postfix/keys/domainB.key}
}
.........
Hope that helps
-- George Kontostanos
participants (3)
-
Aki Tuomi
-
George Kontostanos
-
Mark Constable