#1 Thu, 09/05/2019 - 05:41

ssl certs

I'm confused by the wording of this:

"Use this certificate in Webmin, so that it is the default presented to admins accessing the Virtualmin web user interface on port 10000."

Use this certificate in Dovecot for SSL-protected IMAP and POP3 connections.


So if I have 6 virtual servers, does that button apply to virtual server 1 or all six?

Thu, 09/05/2019 - 08:14

NO, copying that cert only applies to Dovecot mail connections. All users will connect to the main server's mail domain. They won't connect to their own domain to check mail.

Example: if the mail server is called mail.host.com, all virtual server users will check mail at mail.host.com; they will not check mail at userdomain.com.

Although I think there's a way to set up 1 cert per mail domain... but I've never done it that way.

Thu, 09/05/2019 - 12:43

OK, I'm still confused. My users use IMAP a lot.

For the mail cert they are seeing imap.example.com and email address as postmaster@example.com on the cert details, which would indicate Let's Encrypt even though it's installed for that domain.

I suspect I've not set the right button.

I have a DNS domain with Let's Encrypt and all the standard domain accounts with the Let's Encrypt SSL cert.

Should I add mail.actual.com as well for the domain SSL Let's Encrypt?

Thu, 09/05/2019 - 15:00

The way I do it is the mail server has its own hostname, let's say mail.mainhost.com, with a certificate (Postfix and Dovecot), and all users connect to the mail server. It doesn't matter what the user domain is or whether or not their domain has a certificate. The mail server handles all mail for all domains on the box.

To check mail, users connect to mail.mainhost.com with IMAP/POP. They would not connect to mail.user-domain.com.

My previous "NO" isn't actually right. Technically, copying that cert to Dovecot affects and works for all 6 domains. But in actuality, it's just 1 cert for the mail server and has nothing to do with certs for domains/virtual servers. No, you don't need mail.actual.com for each domain. Separate mail server settings and user-domain settings in your head. They are completely unrelated. Well, not really, but Virtualmin handles the go-between.

Same goes for your first question about Webmin. Copying that cert to Webmin should be yes. Users will connect to mainhost.com:10000 to administer their stuff and it will be a valid cert. If users connect to user-domain.com:10000, they will see an invalid cert unless they specify https://.
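
The replies above come down to which hostname the mail client dials versus which names the single mail-server certificate lists. The following is an added example, not part of the thread: it compares a certificate's DNS names with the hostnames users might configure, so you can see which ones would trigger a name-mismatch warning. The hostnames are the thread's placeholders, the SAN list is constructed, and `fetch_sans` is an optional helper for reading the names from your own IMAPS service.

```python
import socket
import ssl

def san_matches(pattern, host):
    """Compare one certificate DNS name with the hostname the client dialed.
    A '*' counts only as the entire leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hosts_covered(sans, client_hosts):
    """For each hostname a mail client might use, say whether the cert covers it."""
    return {h: any(san_matches(s, h) for s in sans) for h in client_hosts}

def fetch_sans(host, port=993, timeout=5.0):
    """Read the DNS names from the certificate a live IMAPS service presents.
    The chain is still verified; only the name check is left to hosts_covered()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

# Constructed sample: one certificate issued for the mail server's own hostname.
SAMPLE_SANS = ["mail.mainhost.com", "mainhost.com"]
# Hostnames users might type into an IMAP client (placeholders from the thread).
CLIENT_HOSTS = ["mail.mainhost.com", "mail.user-domain.com", "user-domain.com"]

if __name__ == "__main__":
    for host, ok in hosts_covered(SAMPLE_SANS, CLIENT_HOSTS).items():
        print(f"{host:24} {'covered' if ok else 'name mismatch warning'}")
    # Against your own server: hosts_covered(fetch_sans("mail.mainhost.com"), CLIENT_HOSTS)
```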

