On 24.04.22 02:45, Richard Hector wrote:
> On 22/04/22 11:57, Joseph Tam wrote:
>> Keep in mind the subject name (CN or SAN AltNames) of your certificate
>> must match your IMAP server name, e.g. if your certificate is
>> made for "www.mydomain.com", you'll have to configure your IMAP
>> clients to also use "www.mydomain.com" as the IMAP server name.
>> This typically means the web and IMAP server must reside on the
>> same server, otherwise you'll have to use DNS challenge method
>> to support multiple hostnames on the same certificate.
>
> _A_ web server has to be there. It doesn't have to serve anything else
> useful. My mail server has a web server that only serves the LE challenge.
> Well, actually it's a proxy server that serves several other domains too,
> but there's nothing else served on that domain (at the moment).

If it wasn't already mentioned in this thread:
acme.sh (https://github.com/acmesh-official/acme.sh) has a built-in
standalone webserver which can be used in such cases; there's no need for
an additional web server. And Certbot has this functionality too.

acme.sh is a very simple and stable solution - it's just a shell script, no
dependencies. I'm using it on a number of servers (together with
Apache/Nginx or with the built-in standalone mode on mail gateways) without
any problem.

Regards,
Markus
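
The name-matching requirement discussed in the thread, as an added example that is not part of any poster's message: a check of whether a certificate's names cover the hostname IMAP clients are configured with. The certificate dicts are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, `mail.mydomain.com` is a hypothetical hostname, and falling back to the CN only when no DNS SAN entry exists is an assumption of this sketch.

```python
# Added example. Sample certificates are constructed, not real ones.

def _name_matches(pattern, host):
    """Compare one certificate name with a hostname, label by label.
    '*' is accepted only as the complete left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and needs two more after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def names_in_cert(cert):
    """DNS SAN entries if present; otherwise the subject CN (assumed fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def cert_covers(cert, imap_host):
    """True if the certificate is valid for the name clients connect to."""
    return any(_name_matches(n, imap_host) for n in names_in_cert(cert))

# Constructed certificates: web-only, multi-name (e.g. via DNS challenge),
# wildcard, and a legacy CN-only certificate.
WEB_ONLY = {"subject": ((("commonName", "www.mydomain.com"),),),
            "subjectAltName": (("DNS", "www.mydomain.com"),)}
MULTI = {"subjectAltName": (("DNS", "www.mydomain.com"),
                            ("DNS", "mail.mydomain.com"))}
WILDCARD = {"subjectAltName": (("DNS", "*.mydomain.com"),)}
CN_ONLY = {"subject": ((("commonName", "mail.mydomain.com"),),)}

if __name__ == "__main__":
    for label, cert in [("web-only", WEB_ONLY), ("multi", MULTI),
                        ("wildcard", WILDCARD), ("cn-only", CN_ONLY)]:
        for host in ("www.mydomain.com", "mail.mydomain.com"):
            print(f"{label:9} {host:18} covered={cert_covers(cert, host)}")
```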