How do I apply 1 cert to 2 virtual domains on one server?

I just worked through the Postfix/Dovecot tutorial (can't give it enough accolades for how well written it was) and now have my mail server system set up running two domains on a single Linode instance with a single IP. I would like to get one of those free level 1 certificates (or a cheap commercial one for $10/year or so) to eliminate the headaches of server validation errors/warnings.

However, I have 2 different virtual domains and from what I understand, you need to embed a domain name in your cert. So, it would seem that my single cert configuration won't work (without an expensive wildcard cert). I really don't want to have to set up 2 separate postfix installations if at all possible. I found one blurb online about setting up a separate IP on my Linode instance and virtually binding each domain name to each, but that looks pretty advanced and is way beyond my understanding of postfix (which I'm hoping is where changes would solely need to be made). Does anyone know of what options I have and how to get there?

Note, if I'm going to bother with a chained commercial/free cert then I want a configuration that will no longer cause certificate warnings, so please keep that in mind.

2 Replies

On the Postfix side (mail submission), it appears as though only one certificate can be configured. One could have a single certificate with multiple Subject Alternative Names, but it would be up to mail clients to decide whether they would accept this or if they only look at the common name (which doesn't seem to be clear). You may just have to do some testing to see how various clients behave.

As you note, setting up multiple Postfix instances is an option but requires an extra IP address for each one and special configuration.

For mail retrieval by clients, that would be handled by Dovecot. I'm not familiar with it, but it looks like it supports Server Name Indication in addition to multiple IP addresses. Again, mail client behavior is the main question.
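The two approaches in this reply (one certificate carrying both names as Subject Alternative Names, or one certificate per domain selected by Server Name Indication) come down to how the client checks the name it connected to against the certificate it was handed. The following is an added example, not code from the thread or from Postfix/Dovecot: it models that check the way RFC 6125 clients do it (dNSName SAN entries only, with the Common Name consulted only by legacy clients when no SAN is present) and a server-side SNI lookup, using constructed certificate stand-ins and placeholder hostnames under example.com and example.net.

```python
"""Added example: client-side name matching (SAN vs. Common Name) and
server-side SNI certificate selection for a two-domain mail host.

The Cert objects below are hand-constructed stand-ins for X.509 certificates;
no keys, files or network are involved. Hostnames are placeholders."""

from dataclasses import dataclass, field


@dataclass
class Cert:
    """Only the certificate fields that matter for identity checking."""
    common_name: str
    dns_sans: list = field(default_factory=list)


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 DNS-ID comparison: case-insensitive, exact match, or a single
    leading '*' that covers exactly one left-most label (no '*.a.b' matching
    'x.y.a.b')."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def cert_matches_host(cert: Cert, hostname: str, legacy_cn_fallback: bool = False) -> bool:
    """True if `hostname` is an acceptable identity for `cert`.

    When the certificate carries any dNSName SAN, only the SAN list is
    consulted; the Common Name is ignored. Only a legacy client, and only for
    a certificate with no SAN at all, falls back to the Common Name."""
    if cert.dns_sans:
        return any(_label_matches(san, hostname) for san in cert.dns_sans)
    return legacy_cn_fallback and _label_matches(cert.common_name, hostname)


# Option A: a single certificate listing both mail hostnames as SANs.
# Works for every client that honours SANs, with no SNI needed.
SAN_CERT = Cert(
    common_name="mail.example.com",
    dns_sans=["mail.example.com", "mail.example.net"],
)

# Option B: one certificate per domain, chosen by the server from the SNI
# name the client sends (what Dovecot's per-name configuration does).
CERTS_BY_NAME = {
    "mail.example.com": Cert("mail.example.com", ["mail.example.com"]),
    "mail.example.net": Cert("mail.example.net", ["mail.example.net"]),
}
DEFAULT_CERT = CERTS_BY_NAME["mail.example.com"]


def select_cert_for_sni(server_name):
    """Server-side lookup. A client that sends no SNI (or an unknown name)
    gets the default certificate, which is where Option B can break."""
    if server_name is None:
        return DEFAULT_CERT
    return CERTS_BY_NAME.get(server_name.lower(), DEFAULT_CERT)


def handshake_ok(client_hostname: str, sni_sent: bool, use_sni_certs: bool) -> bool:
    """Simulate one connection: the server picks a certificate (Option A or
    B), then the client validates it against the name it connected to."""
    if use_sni_certs:
        cert = select_cert_for_sni(client_hostname if sni_sent else None)
    else:
        cert = SAN_CERT
    return cert_matches_host(cert, client_hostname)


if __name__ == "__main__":
    for host in ("mail.example.com", "mail.example.net"):
        print(host,
              "SAN cert:", handshake_ok(host, sni_sent=False, use_sni_certs=False),
              "SNI certs, SNI sent:", handshake_ok(host, sni_sent=True, use_sni_certs=True),
              "SNI certs, no SNI:", handshake_ok(host, sni_sent=False, use_sni_certs=True))
```

The point the simulation makes for the original question: with the multi-SAN certificate every client that implements SAN checking accepts either hostname, and a client that ignores SANs and looks only at the Common Name is the only one that would still warn for the second domain. With per-domain certificates selected by SNI, a client that sends no SNI at all is handed the default certificate and then fails validation for the other domain, so the mail clients in use decide which approach is safe. On the Dovecot side (2.2 and later) the per-name selection corresponds to `local_name` blocks that each set their own `ssl_cert`; Postfix's `smtpd_tls_cert_file` takes one certificate, which is why a single multi-SAN certificate is the simpler fit there.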

How does it work out if you use virtual email users that all connect to a single mail server name?

I've done this with my domains, they all send and receive mail from the one server name (server.insertyourdomainnamehere.comnetwhatever), but all users log in as virtual users.

Mail for local accounts (for logwatch, etc.) is forwarded to a virtual user.

I'm not using certificates (unless postfix / dovecot created one self-signed one when it was installed), or are we talking client certificates to validate mail user login to avoid passwords?

Which probably means this is not relevant.
