I want a multi-domain certificate for my hostname/mailserver using LetsEncrypt



Last Modified: Dec 21, 2016, 2:31 am

Exim and Dovecot do support multi-IP SSL certificates, but that setup can be a little tricky to configure and maintain.

With LetsEncrypt, we can set up a multi-domain certificate for the hostname and the mail domains, all in one value, to make managing SSL for mail a little simpler.

To do this, we use the letsencrypt.sh script normally, but we manually create the ca.san_config file, loaded with the values we want to use.

With LetsEncrypt 1.0.4+, we can specify all values on the command line, like this:

cd /usr/local/directadmin/scripts
./letsencrypt.sh request `hostname`,mail.domain.com,smtp.domain.com,www.domain.com,domain.com 4096





Old method
  1. First, install a certificate for your hostname normally, so you get everything else setup correctly:
    https://help.directadmin.com/item.php?id=629

  2. Next, we'll edit the file:

    /usr/local/directadmin/conf/ca.san_config

    and edit the line that contains:

    subjectAltName=DNS:server.hostname.com

    and we'll change it by loading it up with all domains we want for exim and dovecot, eg:

    subjectAltName=DNS:server.hostname.com, DNS:mail.domain1.com, DNS:mail.domain2.com

    where you have a comma-separated list, with a ", DNS:" prefixing each additional value.  If domain.com is already being used by LetsEncrypt because the User created a certificate for it in their SSL Certificates page, LetsEncrypt may throw an error, since we don't want to be managing the same domain value in 2 different certs.  That is why only the mail.* domains are listed as extras here.  You can use domain.com and www.domain.com here if you want, but then it shouldn't also be done at the User Level.
    IMPORTANT: all values you add must resolve to your server.

  3. Request the certificate again, but now with the loaded ca.san_config file, eg:

    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request server.hostname.com 4096 /usr/local/directadmin/conf/ca.san_config
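
Added example, not part of the original help file or of letsencrypt.sh: shell helpers that build the subjectAltName line in the format shown in step 2 and list any name that does not resolve to the server, which is the check the IMPORTANT note asks for before step 3. The function names are hypothetical, the hostnames and addresses are constructed sample values, and the resolver assumes getent is available.

```shell
#!/bin/sh
# Added example: build the subjectAltName line for ca.san_config and pre-check DNS.

# lookup NAME -> prints the IPv4 addresses NAME resolves to, one per line.
# Assumption: getent exists (glibc systems); redefine lookup for other resolvers.
lookup() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u
}

# valid_name NAME -> 0 if NAME is a plain DNS hostname (no wildcard, space or comma).
valid_name() {
    case "$1" in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# build_san_line NAME... -> prints "subjectAltName=DNS:a, DNS:b",
# lowercased and de-duplicated. Returns 1 if any name is malformed.
build_san_line() {
    out="" seen=" "
    for n in "$@"; do
        n=$(printf '%s' "$n" | tr 'A-Z' 'a-z')
        valid_name "$n" || { echo "bad name: $n" >&2; return 1; }
        case "$seen" in *" $n "*) continue ;; esac
        seen="$seen$n "
        out="${out:+$out, }DNS:$n"
    done
    [ -n "$out" ] || return 1
    printf 'subjectAltName=%s\n' "$out"
}

# not_on_server SERVER_IP NAME... -> prints every NAME that does not
# resolve to SERVER_IP; empty output means all names point at this server.
not_on_server() {
    ip=$1; shift
    for n in "$@"; do
        lookup "$n" | grep -qxF "$ip" || echo "$n"
    done
}
```

Source the file, run not_on_server with your server's IP and the names you plan to add, and only put the build_san_line output into ca.san_config once that list comes back empty.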



 