Froxlor Forum

Question

Posted

Hi Froxlor team,

thank you for your great piece of software. I run a server with lots of different domains under the same IP. Currently, I manually create a LetsEncrypt certificate with a large number of alternate DNS names (automated via Cronjob). However, I would love to switch to Froxlor's built-in LetsEncrypt feature. A couple of questions:

- I guess Froxlor creates a certificate for each domain and uses SNI in Apache2 configuration?

- Is there any SNI support for Postfix and Dovecot (planned)?

I could manually set the config files but don't want to change the configs every time I add or remove a domain.

If there is no support: Is there any other way to use the built-in LetsEncrypt support with multiple domains?

 

(Reference for Dovecot / Postfix SNI configuration:)

See: https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#with-client-tls-sni-server-name-indication-support

and: https://www.postfix.org/postconf.5.html#tls_server_sni_maps

4 answers to this question

  • 0
Posted
3 minutes ago, nvindice said:

- I guess Froxlor creates a certificate for each domain and uses SNI in Apache2 configuration?

Sure

3 minutes ago, nvindice said:

- Is there any SNI support for Postfix and Dovecot (planned)?

froxlor itself currently does not plan to integrate this. Although the ssl-setup of dovecot/postfix is totally up to the admin as it does not interfere with the sql-integration

4 minutes ago, nvindice said:

I could manually set the config files but don't want to change the configs every time I add or remove a domain.

Cronjob/script -> froxlor api -> regen config -> reload service, should be possible

5 minutes ago, nvindice said:

If there is no support: Is there any other way to use the built-in LetsEncrypt support with multiple domains?

Sure, the certificates are on the file-system in a settings-specified folder (or use /root/.acme.sh directly) for you to use elsewhere if needed
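The "regen config" step suggested in the answer above, as an added example that is not part of the original posts and not froxlor's own code: a cron-friendly function that rebuilds the Postfix `tls_server_sni_maps` source file and the Dovecot `local_name` blocks from a certificate directory. The directory layout (`<domain>/fullchain.cer` and `<domain>/<domain>.key`, acme.sh style), the output file names and the function name are assumptions.

```shell
#!/bin/sh
# Added example. Assumed layout (acme.sh style):
#   $CERT_DIR/<domain>/fullchain.cer   and   $CERT_DIR/<domain>/<domain>.key

# gen_sni_configs CERT_DIR OUT_DIR
# Writes OUT_DIR/postfix_sni_map and OUT_DIR/dovecot_sni.conf (hypothetical names).
# Returns 0 if a file changed (services need a reload), 1 if nothing changed.
gen_sni_configs() {
    cert_dir=$1; out_dir=$2
    # Temp files live in OUT_DIR so the final mv is an atomic rename.
    pf_tmp=$(mktemp "$out_dir/.sni.XXXXXX") || return 2
    dc_tmp=$(mktemp "$out_dir/.sni.XXXXXX") || return 2
    for dir in "$cert_dir"/*/; do
        [ -d "$dir" ] || continue
        domain=$(basename "$dir")
        # Directory names are copied into config files: accept plain
        # lowercase hostnames only, so odd names cannot inject syntax.
        printf '%s\n' "$domain" |
            grep -Eq '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$' || continue
        key="$cert_dir/$domain/$domain.key"
        chain="$cert_dir/$domain/fullchain.cer"
        # Skip incomplete pairs (issuance pending or failed) instead of
        # writing an entry that would break TLS for that name.
        [ -s "$key" ] && [ -s "$chain" ] || continue
        # Postfix SNI map entry: name, private key, then certificate chain.
        printf '%s %s %s\n' "$domain" "$key" "$chain" >> "$pf_tmp"
        # Dovecot per-name certificate block.
        printf 'local_name %s {\n  ssl_cert = <%s\n  ssl_key = <%s\n}\n' \
            "$domain" "$chain" "$key" >> "$dc_tmp"
    done
    changed=1
    if ! cmp -s "$pf_tmp" "$out_dir/postfix_sni_map"; then
        mv "$pf_tmp" "$out_dir/postfix_sni_map"; changed=0
    fi
    if ! cmp -s "$dc_tmp" "$out_dir/dovecot_sni.conf"; then
        mv "$dc_tmp" "$out_dir/dovecot_sni.conf"; changed=0
    fi
    rm -f "$pf_tmp" "$dc_tmp"
    return $changed
}

# Stand-alone use from cron: script CERT_DIR OUT_DIR
if [ "$#" -eq 2 ]; then
    gen_sni_configs "$1" "$2"
fi
```

On exit status 0, rebuild the Postfix table with `postmap -F` (with `tls_server_sni_maps` pointing at it) and reload both services; the Dovecot file is pulled in with an `!include` line.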

  • 0
Posted

Hi @d00p, thanks for your lightning fast reply. May I ask how you solve this on your own setups, e.g. on your Cloud vServers?

Wouldn't Dovecot/Postfix SNI support be a great feature (making the manual configuration of mail server SSL unnecessary)? Or are there any issues I'm not aware of?

  • 0
Posted

The vm's hostname is the MX for all domains, if ssl-connection is wanted/required one just uses the vm's fqdn as incoming/outgoing server (like you do with the big ones, e.g. office365, gmail, etc.)
