Hello,

Best wishes for 2024.

We use HAproxy as a TLS termination proxy for cyrus IMAP as it doesn't support SNI. We did quite the same as https://www.haproxy.com/blog/haproxy-ssl-termination. So we have a section:

frontend ft_imaps
    bind *:993 ssl crt /etc/letsencrypt/pems/
    mode tcp
    default_backend bk_imap

And we generate in /etc/letsencrypt/pems/ all the certificates imap.domain.com.pem. That works great. Thanks for this.

As certbot is generating certificates in /etc/letsencrypt/live/imap.domain.com/ folders we were wondering if it would be possible to use a variable in the bind directive like for example:

frontend ft_imaps
    bind $server_name:993 ssl crt /etc/letsencrypt/live/$server_name/fullchain.pem
    mode tcp
    default_backend bk_imap

Or something similar?

Thanks for your answers.

Bruno Thomas


Reply via email to