SNI Dovecot
Aki Tuomi
aki.tuomi at dovecot.fi
Wed Aug 29 18:54:00 EEST 2018
You need to provide a global certificate as well.
---Aki TuomiDovecot oy
-------- Original message --------From: Nicolas <nicolas at shivaserv.fr> Date: 29/08/2018 17:41 (GMT+02:00) To: dovecot at dovecot.org Subject: SNI Dovecot
Hi all,
I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.
I'm using letsencrypt certificates.
On the 10-ssl.conf, when I only use one domain, like this, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
I got a warning of course when using my second domain, mydomain2.fr.
If I do the config :
local_name mail.mydomain.fr {
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
}
local_name mail.mydomain2.fr {
ssl_ca = </etc/letsencrypt/live/mail.mydomain2.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain2.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain2.fr/privkey.pem
}
I got this on dovecot's start :
dovecot[930]: master: Error: service(imap-login): command startup failed, throttling for 8 secs
dovecot[932]: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY
It's working without local_name, so why it can be a certificate issue?
Any idea?
I'm using dovecot 2.2.27-3+deb9u2 from debian.
Thanks,
Nicolas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180829/2575a248/attachment.html>
More information about the dovecot
mailing list