On the topic of email certificate issues I’ve just noticed that the following guides have been added to the Bytemark documentation library:
The guides seem to suggest that the one-time changes will overcome the issue of having to use the FQDN or a generic domain to collect mail without ssl certificate mismatch issues.
Am I correct in assuming that the guide at the link below is now superseded by the above: https://docs.bytemark.co.uk/article/adding-an-ssl-certificate/
Are my assumptions correct?
Update from Bytemark:
Yes, for email certificates the older guide would be superseded, since you’d be
removing the reliance on /etc/ssl to find certificates (which could only be for one
domain), in favour of dynamically searching /srv/*/config/ssl/current/ (which can be
any domain you have setup in the /srv directory).
Just to bear in mind, if you add a new domain to your server in the future you’ll
need to run through the Dovecot guide again as it’s unfortunately not as intelligent
A tad unrelated, but the older guide may still prove useful if you were wanting to
change the certificate used by FTP TLS, as that’ll still rely on the /etc/ssl
directory to find a certificate.
Has anyone out there tried the new SNI guides? Are there any drawbacks?