Multiple certificate option

Joseph Tam jtam.home at gmail.com
Mon Sep 9 23:47:08 EEST 2019


On Sat, 7 Sep 2019, Remo Mattei wrote:

> Thanks Michael, I will check with the free cert Let's Encrypt to test it.

If all your certificate subjects are domains under your control,
such as when they are aliases of each other (e.g. smtp.domain.tld,
pop3.domain.tld, imap.domain.tld, webmail.myotherdomain.tld, ...), you
may find it more convenient to obtain a SAN (Subject Name Alternative)
certificate, which allows multiple subjects to be specified in one
certificate.  Alternatively, you can also get a wildcard domain if
all your subjects are in the same domain.

There are obvious advantages to this: one (and only one) certificate to
add to the dovecot configuration, one renewal every ~60 days requiring one
restart of the dovecot service (minimizes disruptions), etc.

A disadvantage is it's a little trickier to set up your ACME bot (and maybe
your DNS service) to get a wildcard/SAN certificate.

Joseph Tam <jtam.home at gmail.com>
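
The coverage difference between the two options in the message above, as an added example that is not part of the original post: a check of which service names a certificate's dNSName entries cover, using RFC 6125-style matching. The hostnames are the placeholders from the message; the two SAN lists and all function names are constructed for illustration.

```python
# Added example: which service names does a certificate's SAN list cover?
# SERVICES uses the placeholder names from the message; the SAN lists are constructed.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label. Requiring two
        # further labels (rejecting "*.tld") is a conservative choice here.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "f*.domain.tld" are treated as literals.
    return p == h


def uncovered(san_list, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_list)]


SERVICES = [
    "smtp.domain.tld",
    "pop3.domain.tld",
    "imap.domain.tld",
    "webmail.myotherdomain.tld",
]

# Constructed: a wildcard certificate for one domain.
WILDCARD_CERT = ["*.domain.tld"]

# Constructed: a multi-name certificate that lists every service.
SAN_CERT = list(SERVICES)

if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_CERT), ("multi-SAN", SAN_CERT)):
        missing = uncovered(sans, SERVICES)
        print(f"{label}: {'all names covered' if not missing else 'missing ' + ', '.join(missing)}")
```
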

