I'm not sure if one can create a multi-domain (different domains, not different hosts in a domain) certificate using certbot.

Qmail at present only uses one certificate.


On 5/13/2022 4:03 AM, Cinghiuz wrote:
Hi!

My mail server with Rocky Linux 8 runs multiple domains, and I generated certificates with Let's Encrypt following the guide, but I have a doubt and a question.

THE DOUBT:

For example I have domain1.com and domain2.com

I do this to generate the certificate for the first domain:
certbot --apache -d domain1.com -d mail.domain1.com
cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
cat /etc/letsencrypt/live/domain1.com/privkey.pem /etc/letsencrypt/live/domain1.com/fullchain.pem > /var/qmail/control/servercert.pem

Then I do this to generate the certificate for the second domain:
certbot --apache -d domain2.com -d mail.domain2.com

But if I do this:
cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
cat /etc/letsencrypt/live/domain2.com/privkey.pem /etc/letsencrypt/live/domain2.com/fullchain.pem > /var/qmail/control/servercert.pem

I will replace the certificate for domain1 in qmail.

The only solution is to create a "combined" certificate like this:
certbot -d domain1.com -d mail.domain1.com -d domain2.com -d mail.domain2.com

Is this procedure correct, or is there a better way to have a distinct certificate for each domain?

THE QUESTION:

If for any reason domain2.com points to IP A because the web server runs on another machine, and mail.domain2.com points to IP B of the mail server, I can't do this:
certbot -d domain1.com -d mail.domain1.com -d domain2.com -d mail.domain2.com

because "domain2.com" doesn't point to the server with certbot installed, so to renew/extend the certificate I have to do this:
certbot -d domain1.com -d mail.domain1.com -d mail.domain2.com

But when someb...@domain2.com logs on to webmail or via an email client, is the certificate for mail.domain2.com enough?

THANKS A LOT to people that will take time to read this email :-)

Cesare


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
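
Since qmail reads a single servercert.pem, the question above comes down to which hostnames that one certificate lists. The following is an added example, not part of the original thread: it checks a combined key-plus-chain PEM against each hostname a client might connect to, using a constructed throwaway self-signed certificate (the function names are hypothetical, and `-addext` assumes OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example: report which hostnames a qmail-style combined PEM
# (private key followed by the certificate chain) is valid for.

# cert_covers_host PEMFILE HOSTNAME
# Returns 0 if the first certificate in PEMFILE matches HOSTNAME
# (subjectAltName entries, wildcards included), non-zero otherwise.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_sample_pem OUTFILE
# Constructed test input: a throwaway self-signed certificate whose SAN list
# mirrors the renewal command in the thread that leaves out domain2.com.
make_sample_pem() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$tmp/privkey.pem" -out "$tmp/fullchain.pem" \
        -subj "/CN=domain1.com" \
        -addext "subjectAltName=DNS:domain1.com,DNS:mail.domain1.com,DNS:mail.domain2.com" \
        >/dev/null 2>&1 || { rm -rf "$tmp"; return 1; }
    # Same key-then-chain layout as /var/qmail/control/servercert.pem
    cat "$tmp/privkey.pem" "$tmp/fullchain.pem" > "$1"
    rm -rf "$tmp"
}

# report PEMFILE HOST...
# Prints one line per hostname saying whether the certificate covers it.
report() {
    pem=$1; shift
    for h in "$@"; do
        if cert_covers_host "$pem" "$h"; then
            echo "covered      $h"
        else
            echo "NOT covered  $h"
        fi
    done
}

# Demo run on the constructed certificate; the file holds a private key,
# so it is created with mktemp (mode 0600) and removed afterwards.
sample=$(mktemp) && make_sample_pem "$sample" &&
    report "$sample" domain1.com mail.domain1.com domain2.com mail.domain2.com
rm -f "$sample"
```

To check a live installation, call `report /var/qmail/control/servercert.pem` followed by the hostnames mail clients and webmail users actually connect to.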

