SNI Dovecot

Aki Tuomi aki.tuomi at dovecot.fi
Wed Aug 29 18:54:00 EEST 2018


You need to provide a global certificate as well.


---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Nicolas <nicolas at shivaserv.fr>
Date: 29/08/2018 17:41 (GMT+02:00)
To: dovecot at dovecot.org
Subject: SNI Dovecot

Hi all,

I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.

I'm using letsencrypt certificates.
In 10-ssl.conf, when I only use one domain, like this, it works:

ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem

I got a warning of course when using my second domain, mydomain2.fr.

If I do the config:

local_name mail.mydomain.fr {
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
}

local_name mail.mydomain2.fr {
ssl_ca = </etc/letsencrypt/live/mail.mydomain2.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain2.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain2.fr/privkey.pem
}

I got this on dovecot's start:

dovecot[930]: master: Error: service(imap-login): command startup failed, throttling for 8 secs
dovecot[932]: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY

It's working without local_name, so why can it be a certificate issue?

Any idea?

I'm using dovecot 2.2.27-3+deb9u2 from debian.



Thanks,
Nicolas 
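
The point of the reply above, as an added example that is not part of the thread or of Dovecot itself: a small check that reads Dovecot configuration text and reports when local_name blocks exist but no global ssl_cert/ssl_key is set. The sample configurations are constructed from the paths in the thread (ssl_ca lines left out), and the choice of mail.mydomain.fr as the global certificate is an assumption.

```python
# Constructed sample, trimmed from the thread: certificates only in local_name blocks.
BROKEN = """\
local_name mail.mydomain.fr {
  ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
  ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
}
local_name mail.mydomain2.fr {
  ssl_cert = </etc/letsencrypt/live/mail.mydomain2.fr/cert.pem
  ssl_key = </etc/letsencrypt/live/mail.mydomain2.fr/privkey.pem
}
"""

# Assumption: mail.mydomain.fr is picked as the global (default) certificate,
# the one used when no local_name block matches the client's SNI name.
FIXED = """\
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem
""" + BROKEN


def ssl_settings(conf):
    """Split ssl_* settings into global ones and per-local_name ones."""
    global_cfg, per_name, stack = {}, {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())          # entering a block
        elif line == "}" and stack:
            stack.pop()                              # leaving a block
        elif line.startswith("ssl_") and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if not stack:
                global_cfg[key] = value
            elif len(stack) == 1 and stack[0].startswith("local_name "):
                per_name.setdefault(stack[0].split(None, 1)[1], {})[key] = value
    return global_cfg, per_name


def missing_global(conf):
    """Global ssl_cert/ssl_key that are unset although local_name blocks exist."""
    global_cfg, per_name = ssl_settings(conf)
    if not per_name:
        return []
    return [k for k in ("ssl_cert", "ssl_key") if not global_cfg.get(k)]


if __name__ == "__main__":
    print("thread config, missing globally:", missing_global(BROKEN))
    print("with a global certificate:      ", missing_global(FIXED))
```

The check only sees the text it is given, so settings pulled in from other included files are not taken into account.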