Mail Client und Zertifikate

  • @web4you


    We can add up to 100 SANs in one Let's Encrypt SSL certificate. However:

    • Postfix doesn't support SNI
    • Dovecot support SNI but it would be tedious to add one configuration entry per customer domain
    • There are also some mail clients which don't support SNI

    The best we can do is something like the following (this is planned for i-MSCP version 1.4.0 with next LetsEncrypt plugin version):

    • Set Postfix server hostname with something like: smtp.domain.tld
    • Set Ftp server hostname with something like: ftp.domain.tld
    • Add the following SANs in the services SSL certificate: ftp.domain.tld, smtp.domain.tld, imap.domain.tld, pop.domain.tld
    • Add the following entries in the Dovecot configuration file
    Code
    1. local_name imap.domain.tld {
    2. ssl_cert = </etc/imscp/imscp_services.pem
    3. ssl_key = </etc/imscp/imscp_services.pem
    4. }
    5. local_name pop.domain.tld {
    6. ssl_cert = </etc/imscp/imscp_services.pem
    7. ssl_key = </etc/imscp/imscp_services.pem
    8. }

    Note: Here I presume that a reverse DNS lookup would give smtp.domain.tld.


    BTW: The Let's Encrypt CA doesn't support issuance of wildcard SSL certificates but allow you to add up to 100 SANs perl SSL certificate.


    See also: https://en.wikipedia.org/wiki/Subject_Alternative_Name

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • The best we can do is something like the following (this is planned for i-MSCP version 1.4.0 with next LetsEncrypt plugin version)



    [...]


    Is this still planned? I am really looking forward to this feature

  • Is this still planned? I am really looking forward to this feature

    Sure but this will be postponed to later release because 1.4.x serie is almost ready and is almost focusing only on security such as removing plaintext password from database. See https://github.com/i-MSCP/imsc…ixes/docs/1.4.x_errata.md


    Thank you for your understanding.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • @gpeter73


    In the next LetsEncrypt plugin version that will be released soon, you'll be able, as administrator, to add up-to 100 SANs to the services SSL certificate. For the Dovecot configuration part, nothing will be changed. You'll have to modify the configuration file by yourself, best using a i-MSCP listener file to make your changes persistent. The most important thing there is the ability to setup additional SANs in the SSL certificate.



    Note: SANs = Subject Alternative Names

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • In an other Thread about Today 19th March as a release Date for the PlugIn.

    well, we are still on 19th ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Hallo liebe Community,


    funktioniert das LetsEncrypt-Plugin zufällig auch für EasySCP?


    Danke und schöne Grüße
    Daddy-Coool

  • Hallo liebe Community,


    funktioniert das LetsEncrypt-Plugin zufällig auch für EasySCP?


    Danke und schöne Grüße
    Daddy-Coool

    Nein!

    Support Infos: I-MSCP Version: 1.5.x / Distro: Debian Stretch / PHP: 7.1.27 - FPM / I-MSCP Plugins: Let´s Encrypt + PHPSwitcher (latest Versions)