FWIW, it’s relatively straightforward to do this with my Perl ACME implementation, Net::ACME2.
You’ll get your first certificate order using one key, then request another certificate with the other key.

-FG

> On Jul 30, 2018, at 1:49 PM, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
> I don't know how to get both RSA and ECC cert from letsencrypt.
>
> Aki
>
>> On 30 July 2018 at 20:43 David Mehler <dave.meh...@gmail.com> wrote:
>>
>> Hello,
>>
>> What acme implementation do you use for your letsencrypt certificates?
>> If it's acme.sh how do you get both rsa and ecc certificates? What
>> configuration options are you using in your configuration of services
>> to allow access to both rsa and ecc?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/30/18, David Mehler <dave.meh...@gmail.com> wrote:
>>> Hello,
>>>
>>> The client in question is the latest version of AquaMail running on
>>> android.
>>>
>>> Thanks.
>>> Dave.
>>>
>>>
>>> On 7/30/18, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>>> You should, in practice, enable both. This gives best client compatibility.
>>>> It is possible you have clients that cannot understand ECC certificates? You
>>>> can use ssl_alt_cert to provide RSA cert too.
>>>>
>>>> Aki
>>>>
>>>>> On 30 July 2018 at 20:05 David Mehler <dave.meh...@gmail.com> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Thanks, good news is that worked. Bad news is it all looks good which
>>>>> means I do not know why my remote clients can't get their email,
>>>>> looked like from the logs it was that.
>>>>>
>>>>> Would 143 be better or 993 for the external clients?
>>>>>
>>>>> Thanks.
>>>>> Dave.
>>>>>
>>>>>
>>>>> On 7/30/18, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>>>>>
>>>>>>> On 30 July 2018 at 19:16 David Mehler <dave.meh...@gmail.com> wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> Does dovecot 2.3.x have any issues recognizing or using certificates
>>>>>>> that are ECC and wildcard? I'm trying to switch my letsencrypt
>>>>>>> implementation from acme-client which does not support either of
>>>>>>> those capabilities to acme.sh which does. Since then external clients
>>>>>>> checking their email has not worked. A manual telnet to
>>>>>>> mail.example.com 993 gives a connected message but then nothing no
>>>>>>> greeting or capabilities.
>>>>>>>
>>>>>>> The certificate is for example.com with an alt name of *.example.com
>>>>>>> if that's not right let me know, I'm not sure about that one,
>>>>>>> connecting to the web sites of these pages seems noticeably slower,
>>>>>>> I'm wondering if both of these issues aren't key related?
>>>>>>>
>>>>>>> Thanks.
>>>>>>> Dave.
>>>>>>
>>>>>> These both should be fine.
>>>>>>
>>>>>> Port 993 is TLS encrypted, you should use openssl s_client -connect
>>>>>> server:993
>>>>>>
>>>>>> Aki
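
The dual-certificate setup and the openssl s_client check suggested in the thread, as an added example that is not part of the original messages. The file paths, the function names and the pairing of ssl_alt_cert with ssl_alt_key in the commented configuration are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a Dovecot serving two
# certificates hands an RSA certificate to RSA-only clients and an ECC
# certificate to ECDSA-capable ones.
#
# Assumed dovecot.conf fragment (placeholder paths):
#   ssl_cert     = </etc/ssl/example.com/ecc-fullchain.pem
#   ssl_key      = </etc/ssl/example.com/ecc-key.pem
#   ssl_alt_cert = </etc/ssl/example.com/rsa-fullchain.pem
#   ssl_alt_key  = </etc/ssl/example.com/rsa-key.pem

# Print RSA or EC for the PEM certificate in file $1 (or on stdin).
# Returns 1 when no certificate could be parsed, e.g. a failed handshake.
cert_key_type() {
    alg=$(openssl x509 -noout -text ${1:+-in "$1"} 2>/dev/null |
          sed -n '/Public Key Algorithm/{s/.*: *//p;q;}')
    case "$alg" in
        rsaEncryption)  echo RSA ;;
        id-ecPublicKey) echo EC ;;
        '')             echo "no certificate" >&2; return 1 ;;
        *)              echo "$alg" ;;
    esac
}

# $1 = host:port, $2 = OpenSSL cipher string limiting the authentication
# type the client accepts (aRSA or aECDSA). TLS 1.2 is forced because
# TLS 1.3 cipher suites do not encode the certificate type.
served_key_type() {
    openssl s_client -connect "$1" -servername "${1%%:*}" \
        -tls1_2 -cipher "$2" </dev/null 2>/dev/null | cert_key_type
}

# Usage: sh check-dual-cert.sh mail.example.com:993
if [ -n "${1:-}" ]; then
    for auth in aECDSA aRSA; do
        printf '%s -> %s\n' "$auth" "$(served_key_type "$1" "$auth" 2>&1)"
    done
fi
```

If the aRSA line reports "no certificate" while aECDSA reports EC, the server is offering only the ECC certificate and RSA-only clients will fail the handshake.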