letsencrypt

Joseph Tam jtam.home at gmail.com
Fri Mar 3 22:53:45 UTC 2017


> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?

I'm getting this list in digest mode, so it's possible by the time this
gets to you, I will have repeated someone else' suggestion.

In this situation, where your dovecot server lives on the same host as a
web server (wembail?), and this web server is already going certificate
renewal, then just change the certificate to use SNI extension and add
all LS services that live on this host.  (This does not count as a cert
renewal, but a new cert).

(E.g. if you are using a certbot to get a certifiticate for
"webmail.mydomain", then add "pop3.mydomain", "imap.mydomain" and
"smtp.mydomain" to the certificate.)

Your web server will have to virtually host those domains for the purposes
of mapping the token pickup folder.  Then you can use the same certificate
for all TLS services hosted on that server.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list