Hello,
Best wishes for 2024.
We use HAproxy as a TLS termination proxy for cyrus IMAP as it doesn't
support SNI. We did quite the same as
https://www.haproxy.com/blog/haproxy-ssl-termination. So we have a section:
frontend ft_imaps
bind *:993 ssl crt /etc/letsencrypt/pems/
mode tcp
default_backend bk_imap
And we generate in /etc/letsencrypt/pems/ all the certificates
imap.domain.com.pem. That works great. Thanks for this.
As certbot is generating certificates in
/etc/letsencrypt/live/imap.domain.com/ folders we were wondering if it
would be possible to use a variable in the bind directive like for example:
frontend ft_imaps
bind $server_name:993 ssl crt
/etc/letsencrypt/live/$server_name/fullchain.pem
mode tcp
default_backend bk_imap
Or something similar?
Thanks for your answers.
Bruno Thomas