On 2020-03-22 20:53, Keith Lofstrom wrote:
MY FIRST QUESTION IS: can multiple domains and multiple
SSL certificates share one IP address? I can rent more
IP addresses, but I hope to avoid complication and cost.
Yes! Folks fixed that problem a while ago. Browsers now tell the
webserver which domain it's trying to access, so the webserver can pick
the right certificate. Also, you can add an arbitrary number of
hostnames ("server alternative names") to one SSL certificate, but
there's no point in doing that when you can just have a cert for each
domain.
NEXT QUESTION: what is a good ten page summary of how to
set up and maintain SSL certificates in the simplest way?
Info, scripts to automate the process and FREE SSL CERTS here:
https://letsencrypt.org
The topic is definitely worth more discussion here, but it's a good
starting place.
Ditto for DKIM, and configuring postfix for both.
Ditto, indeed. SSL for client connections to Postfix can be handled
with a LetsEncrypt cert.
DKIM is well described here:
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
In sum, you add Opendkim to Postfix, which adds a crypto signature to
each outgoing mail. At the same time, you add a public DNS entry with a
key that can be used to check that crypto signature.
There's lots of great how-to articles out there for whatever distro
you're running, but it's fun to discuss here.
- - - - - - - - - - background - - - - - - - - - - - -
Over the years, I've accumulated many domains and URLs
on three web servers and multiple companies. I've spent
a few days simplifying and debugging all that.
Only a few days? That's lot of work!
After transferring dirvish to a new maintainer, I've
consolidated everything else onto one offsite virtual
server with one IP address. 14 domain names point at
that IP address, all with the same domain registrar.
Nice easy setup.
About half of the domains send email. For example, the
wiki websites notify page authors that their page has
been modified.
Without SSL certificates, some of the major email services
(like gmail) automatically route my outbound emails to user
spam folders. Not helpful.
I don't really understand SSL certificates, or DKIM, but
those can establish the bona fides of my mail server with
the big services. Both my name registrar and my virtual
server hosting provider offer free certs ... I think.
I got lazy and set up SendGrid as my outgoing email provider. I think
it even handles DKIM for me.
If I need more information, I can websearch the buzzwords
in the summaries, or pester the rest of you. The better
the summaries, the less the pestering.
Cheerful communication is what this list does well.
It's funny, I think the old basic how-to docs are eroding as systems
stuff gets more and more pre-canned and ready-to-eat.
Also folks, check in on your extroverts, they're hurting right now.
Regards,
Aaron
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
