Unexpected config results with local_name + multiple SSL certs

[David Favor]

Working with SSL on fresh install of latest Ubuntu Artful + Dovecot
seems broken somehow.

Application is Dovecot listening for many SSL sites...

Likely I've missed adding something simple to the config, related
to local_name usage.

Be great if someone can point out what I've missed, to setup
multiple SSL certs for different host.domain entries in config.

Thanks.
_______

This works as expected... where the SNI server name is returned...

#local_name imap.cydec.com {
    ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/imap.cydec.com/privkey.pem
#}

service dovecot restart && echo QUIT | openssl s_client -connect imap.cydec.com:993 -servername imap.cydec.com 2>&1 | egrep ^subject
subject=/CN=imap.cydec.com
_______

This fails...

local_name imap.cydec.com {
    ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/imap.cydec.com/privkey.pem
}

service dovecot restart && echo QUIT | openssl s_client -connect imap.cydec.com:993 -servername imap.cydec.com 2>&1 | egrep ^subject
# Empty, so no servername match
_______

Full openssl output shows no cert being returned...

service dovecot restart && echo QUIT | openssl s_client -connect imap.cydec.com:993 -servername imap.cydec.com
CONNECTED(00000004)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 199 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1519576210
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
     Extended master secret: no
---

_______

Config seems correct, with local_name uncommented...

dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.13.0-36-generic x86_64 Ubuntu 17.10
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
debug_log_path = /var/log/dovecot.log
disable_plaintext_auth = no
info_log_path = /var/log/dovecot.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   args = dovecot
   driver = pam
}
protocols = " imap pop3"
service imap-login {
   inet_listener imap {
     port = 0
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
service pop3-login {
   inet_listener pop3 {
     port = 0
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
userdb {
   driver = passwd
}
local_name imap.cydec.com {
   ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem
   ssl_key =  # hidden, use -P to show it
}