I want to supply separate Letsencrypt certificates for each virtual domain and seeing that SNI does not work I need to allocate separate IPs. Could anyone give some pointers, or keywords to search for, on... a) how to make dovecot listen for different domains on different IPs? b) how to configure separate SSL certs for each of these IPs?
> On December 17, 2016 at 1:35 PM Mark Constable <markc at renta.net> wrote: > > > I want to supply separate Letsencrypt certificates for each virtual domain > and seeing that SNI does not work I need to allocate separate IPs. Could > anyone give some pointers, or keywords to search for, on... > > a) how to make dovecot listen for different domains on different IPs? > > b) how to configure separate SSL certs for each of these IPs?Au contraire, dovecot does support SNI. On earlier versions, it works by specifying local_name server.name { ssl_cert=</path/to/cert ssl_key=</path/to/key } with 2.2.27, you can also do local_name "some.name other.name more.name *.name" { ssl_cert=</path/to/cert ssl_key=</path/to/key } Aki
On Sat, Dec 17, 2016 at 1:35 PM, Mark Constable <markc at renta.net> wrote:> I want to supply separate Letsencrypt certificates for each virtual domain > and seeing that SNI does not work I need to allocate separate IPs. Could > anyone give some pointers, or keywords to search for, on... > > a) how to make dovecot listen for different domains on different IPs? > > b) how to configure separate SSL certs for each of these IPs? >The way we do it is by specifying each IP address and certificate in 10-ssl.conf ssl = yes local xxx.xxx.xxx.xxx { # instead of IP you can also use hostname, which will be resolved protocol imap { ssl_cert = </usr/local/etc/postfix/keys/domainA.crt ssl_key = </usr/local/etc/postfix/keys/domainA.key } } local xxx.xxx.xxx.xxx { # instead of IP you can also use hostname, which will be resolved protocol imap { ssl_cert = </usr/local/etc/postfix/keys/domainB.crt ssl_key = </usr/local/etc/postfix/keys/domainB.key } } ......... Hope that helps -- George Kontostanos ---