Thank you for answer. I see that link for Perfect Server is not attached. Here is the link https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/2/ Each lets encrypt ssl cert is generated by ISPconfig3. I am affraid when I generate one lets encrypt cert for all domains I will break cert generation from ISPconfig panel. Besides how to connect this way generated cert to postfix?
2018-05-25 14:57 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>: > On 25.05.18 12:41, Poliman - Serwis wrote: > >> I have server created based on Perfect Server tutorial for Ubuntu 16.04. >> Is it possible to assign to postfix/dovecot as many lets encrypt ssl certs >> as possible? >> > > why? is it a problem to generate single Let's Encrypt certificate for > multiple domains? > > I have 20 domains on the server but postfix uses ispserver.crt >> and ispserver.key certs generated by letsencrypt: >> >> lrwxrwxrwx 1 root root 48 Mar 13 07:42 smtpd.cert -> >> /usr/local/ispconfig/interface/ssl/ispserver.crt >> lrwxrwxrwx 1 root root 48 Mar 13 07:42 smtpd.key -> >> /usr/local/ispconfig/interface/ssl/ispserver.key >> >> which are from: >> >> lrwxrwxrwx 1 root root 50 Nov 3 2017 ispserver.crt -> >> /etc/letsencrypt/live/s1.example.net/fullchain.pem >> lrwxrwxrwx 1 root root 48 Nov 3 2017 ispserver.key -> >> /etc/letsencrypt/live/s1.example.net/privkey.pem >> >> >> For each domain except server fqdn I have certificate mismatch in mail >> client. Sending emails works but I would like to fix certs mismatch. >> > > unless you have multiple IP addresses on your server (in which case you can > configure multiple smtpd services on them, each one with different > certificate), you will need server-side SNI (server name indication) on > postfix then. > > other trick I have noticed is to use SNI-capable reverse SSL proxy. > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > (R)etry, (A)bort, (C)ancer > -- *Pozdrawiam / Best Regards* *Piotr Bracha*
