Re: Multiple SSL-Certificates/Domains setup not working | Solved!

2018-02-23 Thread Gabriel Kaufmann

> Could you write step by step how you reach the goal?
>
> 2018-02-22 15:55 GMT+01:00 Gabriel Kaufmann:
>
>> I've tried to create a certbot SAN-Cert with multiple domain-names
>> and this worked like a charm using one cert for all! Thanks!

Sure :)

First you should have a working Certbot, of course. The setup for this 
depends on your server setup. Certbot requires access either through the 
"standalone-http(s)" mode of certbot or through 
apache/nginx/haproxy (works as well if set up correctly). I'm using each 
of these variants.


Assuming you have a working setup and certbot-services can access your 
certbot service (running as http/s while certbot is running) the SAN 
setup is quite easy:



$> certbot -d domain1.com -d domain2.com -d domain3.com


If running in non-standalone mode (running apache/nginx) you can tell 
Certbot where the auth-tokens are stored for external domain-approval:

-w /var/www/my-web-root

With the syntax given above the SAN-Cert for all given domains is stored 
in /etc/letsencrypt/live/domain1/


Standalone-mode and web-root can also be configured in 
/etc/letsencrypt/cli.ini

(https://community.letsencrypt.org/t/lestencrypt-standalone-cli-ini/43465)

Best regards

Gabriel Kaufmann
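
To confirm that a SAN certificate like the one described above really covers every mail hostname, the following added example (not part of the original thread) checks the subjectAltName list and the remaining lifetime of a certificate in the dict form returned by Python's ssl.SSLSocket.getpeercert(). The function names, the sample certificate and its dates are constructed for illustration; port 993 (IMAPS) is an assumption.

```python
import socket
import ssl
import time


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def uncovered_names(cert, wanted):
    """Return the hostnames in `wanted` that no DNS subjectAltName entry covers."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [h for h in wanted if not any(name_matches(p, h) for p in sans)]


def days_left(cert, now=None):
    """Whole days until notAfter (negative once the certificate has expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - (time.time() if now is None else now)) // 86400)


def fetch_cert(host, sni, port=993, timeout=5):
    """Live use: handshake with `host`, sending `sni` as the SNI name.
    Raises ssl.SSLCertVerificationError if the chain or hostname check fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() format, not taken from a real server.
SAMPLE_CERT = {
    "subject": ((("commonName", "domain1.com"),),),
    "subjectAltName": (("DNS", "domain1.com"), ("DNS", "domain2.com"),
                       ("DNS", "domain3.com")),
    "notAfter": "May 23 14:00:00 2018 GMT",
}

if __name__ == "__main__":
    wanted = ["domain1.com", "domain2.com", "domain3.com", "mail.domain2.com"]
    print("not covered:", uncovered_names(SAMPLE_CERT, wanted))
    print("days left:", days_left(SAMPLE_CERT))
```

For a running server, pass the result of fetch_cert("mail.example.org", name) for each configured name to the same two checks.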



Re: Multiple SSL-Certificates/Domains setup not working | Solved!

2018-02-22 Thread Travis Dolan
I have gone down a similar path. Certbot uses the Let's Encrypt service to
manage the needed keys. I have found that using the following Bash tool to
manage the creation and validation of the needed certs works great.



We deploy Dovecot to AWS; as such we use userdata scripts to execute the
above-mentioned tool:



# Clone and install acme.sh under /opt
pushd /opt/
sudo git clone https://github.com/Neilpang/acme.sh.git
pushd acme.sh
sudo --preserve-env ./acme.sh --install --accountemail domains@.com --certhome /opt/letsencrypt
# Credentials read by the dns_aws hook (passed through sudo by --preserve-env)
export AWS_ACCESS_KEY_ID=${LetsEncryptAccessKey}
export AWS_SECRET_ACCESS_KEY=${LetsEncryptSecretKey}
# Issue via DNS validation against the staging endpoint
sudo --preserve-env ./acme.sh --issue \
  --dns dns_aws \
  --dnssleep 60 \
  --staging \
  -d mail.yourdomain.com

The above commands perform the following...

- clone the tool
- set up the tool
- export API keys (hard to work around this with IAM only applied to the EC2
  instance)
- run the tool using the Let's Encrypt staging endpoints. This is important
  since Let's Encrypt rate limits their production APIs, and since we deploy to
  AWS often, we potentially request many certs.
- the "--dns dns_aws" flag tells the tool to use DNS records to perform the
  validation of ownership requests from Let's Encrypt. TXT records are added to,
  then removed from, the Hosted Zone of mail.yourdomain.com.

Upon successful execution of the tool both the ".csr", ".key" and fullchain
keys are available for use within Dovecot.

Note: These keys are only valid ~3 months, so this process does need to be
maintained. The author of the tool has included a CRON to aid in this.

Hopefully this helps others.

  
On Feb 22 2018, at 10:58 am, Poliman - Serwis wrote:

> Could you write step by step how you reach the goal?
>
> 2018-02-22 15:55 GMT+01:00 Gabriel Kaufmann <maili...@typoworx.com>:
>
>> I've tried to create a certbot SAN-Cert with multiple domain-names and
>> this worked like a charm using one cert for all! Thanks!
>>
>> Best regards
>>
>> Gabriel Kaufmann
>
> --
> Pozdrawiam / Best Regards
> Piotr Bracha



Re: Multiple SSL-Certificates/Domains setup not working | Solved!

2018-02-22 Thread Poliman - Serwis
Could you write step by step how you reach the goal?

2018-02-22 15:55 GMT+01:00 Gabriel Kaufmann:

> I've tried to create a certbot SAN-Cert with multiple domain-names and
> this worked like a charm using one cert for all! Thanks!
>
>
> Best regards
>
> Gabriel Kaufmann
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*


Re: Multiple SSL-Certificates/Domains setup not working | Solved!

2018-02-22 Thread Gabriel Kaufmann
I've tried to create a certbot SAN-Cert with multiple domain-names and 
this worked like a charm using one cert for all! Thanks!



Best regards

Gabriel Kaufmann



Re: Multiple SSL-Certificates/Domains setup not working

2018-02-18 Thread Robert Nowotny
I understood that imap.example.org and imap.example2.org are reachable from the 
Internet via the same IP, right?
In that case just extend the certificate (probably with certbot) with the 
second domain name.
Yours sincerely
Robert

On 19 February 2018 03:41:18 CET, Gabriel Kaufmann wrote:
>I've tried setting up multiple SSL-Certificates (using letsencrypt) for
>dovecot on my ubuntu machine. The dovecot version used is 2.2.18.
>
>According to the official docs this should be working.
>
>My test-client (Thunderbird on linux) has been mentioned to be working 
>fine with SNI here:
>https://wiki.dovecot.org/SSL/SNIClientSupport
>
>https://wiki.dovecot.org/SSL/DovecotConfiguration#line-89
>
>> local_name imap.example.org {
>>   ssl_cert =
>>   ssl_key =
>> }
>> local_name imap.example2.org {
>>   ssl_cert =
>>   ssl_key =
>> }
>
>Did anyone have success on this (without using multiple IP per Domain)?
>
>-- 
>Best regards
>
>Gabriel Kaufmann

Kind regards
Ing. Robert Nowotny
(from mobile)

Multiple SSL-Certificates/Domains setup not working

2018-02-18 Thread Gabriel Kaufmann
I've tried setting up multiple SSL-Certificates (using letsencrypt) for 
dovecot on my ubuntu machine. The dovecot version used is 2.2.18.


According to the official docs this should be working.

My test-client (Thunderbird on linux) has been mentioned to be working 
fine with SNI here:

https://wiki.dovecot.org/SSL/SNIClientSupport

https://wiki.dovecot.org/SSL/DovecotConfiguration#line-89


local_name imap.example.org {
   ssl_cert = 

Did anyone have success on this (without using multiple IP per Domain)?

--
Best regards

Gabriel Kaufmann