Froxlor Forum

LetsEncrypt & SNI Support


nvindice

Question

Hi Froxlor team,

thank you for your great piece of software. I run a server with lots of different domains under the same IP. Currently, I manually create a LetsEncrypt certificate with a large number of alternate DNS names (automated via Cronjob). However, I would love to switch to Froxlor's built in LetsEncrypt feature. A couple of questions:

- I guess Froxlor creates a certificate for each domain and uses SNI in Apache2 configuration?

- Is there any SNI support for Postfix and Dovecot (planned)?

I could manually set the config files but don't want to change the configs every time I add or remove a domain.

If there is no support: Is there any other way to use the built in LetsEncrypt support with multiple domains?

 

(Reference for Dovecot / Postfix SNI configuration:)

See: https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#with-client-tls-sni-server-name-indication-support

and: https://www.postfix.org/postconf.5.html#tls_server_sni_maps


4 answers to this question

3 minutes ago, nvindice said:

- I guess Froxlor creates a certificate for each domain and uses SNI in Apache2 configuration?

Sure

3 minutes ago, nvindice said:

- Is there any SNI support for Postfix and Dovecot (planned)?

froxlor itself currently does not plan to integrate this. Although the ssl-setup of dovecot/postfix is totally up to the admin, as it does not interfere with the sql-integration

4 minutes ago, nvindice said:

I could manually set the config files but don't want to change the configs every time I add or remove a domain.

Cronjob/script -> froxlor api -> regen config -> reload service, should be possible

5 minutes ago, nvindice said:

If there is no support: Is there any other way to use the built in LetsEncrypt support with multiple domains?

Sure, the certificates are on the file-system in a settings-specified folder (or use /root/.acme.sh directly) for you to use elsewhere if needed

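The "Cronjob/script -> regen config -> reload service" route from the answer above, as an added example that is not part of the original posts and not froxlor code: it scans the certificate directory instead of calling the froxlor API and renders the Dovecot `local_name` blocks and the Postfix `tls_server_sni_maps` source described in the two linked references. The acme.sh default layout (`<base>/<domain>/<domain>.key` plus `fullchain.cer`) and all function names are assumptions.

```python
#!/usr/bin/env python3
"""Regenerate Dovecot and Postfix SNI config from an acme.sh-style cert directory."""
import re
import tempfile
from pathlib import Path

# Strict hostname check: directory names end up inside config files, so
# anything that is not a plain DNS name is skipped rather than written out.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def find_certs(base):
    """Map domain -> (key, fullchain) for each complete pair under base.

    Assumed layout (acme.sh default): <base>/<domain>/<domain>.key and
    <base>/<domain>/fullchain.cer.
    """
    certs = {}
    for entry in sorted(Path(base).iterdir()):
        key, chain = entry / f"{entry.name}.key", entry / "fullchain.cer"
        if HOSTNAME.match(entry.name) and key.is_file() and chain.is_file():
            certs[entry.name] = (key, chain)
    return certs


def render_dovecot(certs):
    """One local_name block per domain; the leading '<' makes Dovecot read the file."""
    return "".join(
        f"local_name {name} {{\n  ssl_cert = <{chain}\n  ssl_key = <{key}\n}}\n"
        for name, (key, chain) in certs.items()
    )


def render_postfix(certs):
    """tls_server_sni_maps source: private key first, then the certificate chain."""
    return "".join(f"{name} {key} {chain}\n" for name, (key, chain) in certs.items())


if __name__ == "__main__":
    # Constructed sample tree so the script runs without real certificates.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("example.org", "mail.example.net"):
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / f"{name}.key").write_text("constructed key\n")
            (Path(tmp) / name / "fullchain.cer").write_text("constructed chain\n")
        found = find_certs(tmp)
        print(render_dovecot(found), render_postfix(found), sep="\n")
    # On a real host: write both files, run `postmap -F` on the Postfix map,
    # check with `doveconf -n`, then reload both services.
```

Directories that are not plain lowercase DNS names (for example acme.sh's `_ecc` directories or wildcard names) are skipped by the hostname check, so they need their own handling if those certificates should be served.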


Hi @d00p, thanks for your lightning fast reply. May I ask how you solve this on your own setups, e.g. on your Cloud vServers?

Wouldn't Dovecot/Postfix SNI support be a great feature (making the manual configuration of mail server SSL unnecessary)? Or are there any issues I'm not aware of?



The vm's hostname is the MX for all domains; if ssl-connection is wanted/required, one just uses the vm's fqdn as incoming/outgoing server (like you do with the big ones, e.g. office365, gmail, etc.)
