Thank you for the information Joel, very helpful! We've started doing the exact same thing actually, with good ol' ssl_certificate_by_lua, until we realized this wouldn't work with STARTTLS/STLS.
We'd like that to work though and we can't seem to find a solution if Dovecot can't smoothly handle SNI at scale.

--
Pierre Allétru
06 70 55 08 35
[email protected]

On Thu, 3 Nov 2022, 14:32, Joel A. Chornik <[email protected]> wrote:

> What we do is have openresty (nginx) sit as a reverse proxy on top of
> dovecot, and use lua to dynamically load certificates using sni.
>
> We have a large userbase (100k+) and it works without issues, except that it
> does not work with STARTTLS, only IMAP+TLS. Has not been an issue, as we
> set up users using autodiscover/autoconfig or as a fallback it is the
> default config in most user agents.
>
> Hope it helps
> Joel Chornik
>
> On 3 Nov 2022, at 10:24, Pierre Allétru <[email protected]> wrote:
>
> > Pierre Allétru
