You need to provide a global certificate as well.
---Aki TuomiDovecot oy -------- Original message --------From: Nicolas <[email protected]> Date: 29/08/2018 17:41 (GMT+02:00) To: [email protected] Subject: SNI Dovecot Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem I got a warning of course when using my second domain, mydomain2.fr. If I do the config : local_name mail.mydomain.fr { ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem } local_name mail.mydomain2.fr { ssl_ca = </etc/letsencrypt/live/mail.mydomain2.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain2.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain2.fr/privkey.pem } I got this on dovecot's start : dovecot[930]: master: Error: service(imap-login): command startup failed, throttling for 8 secs dovecot[932]: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY It's working without local_name, so why it can be a certificate issue? Any idea? I'm using dovecot 2.2.27-3+deb9u2 from debian. Thanks, Nicolas
