Re: Fwd: Dovecot, Load Balancing and SSL

2024-04-03 Thread Joseph Tam
l...@relay.gb.net writes:


> I wonder if someone would provide me with some advice. I've been setting
> up a couple of Postfix servers just for fun. I've got two Postfix
> servers m1.domain.com and m2.domain.com. I can send and receive mail via
> both of them. I've also got Postfixadmin and RoundCube on them and I'm
> replicating the database over both servers.
>
> I introduced a load balancer. Postfixadmin and Roundcube work perfectly.
> However, when I send mail from Thunderbird, M1 reports that the
> certificate does not match. It's expecting a certificate for
> mail.domain.com.

Complaints when you're sending mail?  This is not Dovecot's problem,
but Postfix's.  If you're setting your SMTP outgoing to M1, then the
certificate M1 uses have M1 as a subject.  If you're setting
the outgoing mail server as "mail.domain.com" load balanced to
M1/M2, then both your Postfix servers need to use the same
certificate with "mail.domain.com" as a subject.  Simple as that.

Joseph Tam 
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
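
The name check behind the warning discussed above, as an added example that is not part of the original thread: a client compares the name it connected to against the certificate's subjectAltName entries, so every backend behind the balancer must present a certificate covering that name. The SAN lists are constructed sample data, the function names are hypothetical, and the wildcard handling goes slightly beyond the case in the thread.

```python
# Added example: the hostname check a TLS mail client applies to a certificate.
# All SAN lists below are constructed sample data, not read from real certificates.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one dNSName SAN entry with the name the client connected to.
    A wildcard is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(sans, hostname):
    """True if any SAN entry on the certificate matches hostname."""
    return any(name_matches(s, hostname) for s in sans)

def mismatched(client_name, backends):
    """Backends whose certificate a client connecting to client_name rejects.
    backends maps backend host -> SAN list of the certificate it serves."""
    return sorted(b for b, sans in backends.items()
                  if not cert_covers(sans, client_name))

# Constructed: each server only holds a certificate for its own name.
PER_HOST = {"m1.domain.com": ["m1.domain.com"],
            "m2.domain.com": ["m2.domain.com"]}

# Constructed: one certificate listing the balanced name, installed on both.
SHARED_SANS = ["mail.domain.com", "m1.domain.com", "m2.domain.com"]
SHARED = {"m1.domain.com": SHARED_SANS, "m2.domain.com": SHARED_SANS}

# Constructed: the shared certificate reached only one of the two servers.
DRIFT = {"m1.domain.com": SHARED_SANS, "m2.domain.com": ["m2.domain.com"]}

if __name__ == "__main__":
    for label, pool in (("per-host", PER_HOST), ("shared", SHARED), ("drift", DRIFT)):
        bad = mismatched("mail.domain.com", pool)
        print(f"{label:9s}", "mismatch on: " + ", ".join(bad) if bad else "all backends OK")
```

The drift case is the one to watch after a renewal: the warning then appears only on connections the balancer happens to send to the server still holding the old certificate.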


Re: Fwd: Dovecot, Load Balancing and SSL

2024-04-03 Thread Benny Pedersen

leon--- via dovecot wrote on 2024-04-03 22:21:

> Does anyone have any suggestions for this?


certbot --apache -d m1.domain.tld -d m2.domain.tld

after this is done you have it ready to be renewed, if you need more 
loadbalancers add more -d hostnames


put this cert on all loadbalancers so it's in sync on all

what problems are remaining? :)



Re: Fwd: Dovecot, Load Balancing and SSL

2024-04-03 Thread leon--- via dovecot
Hi,

I got around this by setting my mail.domain.com A record to the M1 mail server 
and requesting a new certificate but by combining all domains into one 
certificate with 

certbot certonly -d m1.domain -d mail.domain -d webmail.domain -d mail.domain 
-d mail.domain -d mail.domain.com --cert-name m1.domain.com

But this won't help for long because in three months I will need to renew the 
certificate and the A record for mail.domain.com will be pointing to my 
balancer. So I don't think it will renew. 

Does anyone have any suggestions for this?


Dovecot, Load Balancing and SSL

2024-04-03 Thread leon--- via dovecot

Hi Everyone!

I wonder if someone would provide me with some advice. I've been setting 
up a couple of Postfix servers just for fun. I've got two Postfix 
servers m1.domain.com and m2.domain.com. I can send and receive mail via 
both of them. I've also got Postfixadmin and RoundCube on them.


I introduced a load balancer. Postfixadmin and Roundcube work perfectly. 
However, when I send mail from Thunderbird, M1 reports that the 
certificate does not match. It's expecting a certificate for 
mail.domain.com.


On M1 I thought I would try to specify the location of the SSL when 
using mail.domain.com. I placed the certificate in the NAS and specified 
it in the 10-ssl file. I did this as per the docs.


mail.domain.com
local_name mail.domain.com {
ssl_cert =

It doesn't work. And I'm not entirely sure why M2 works and M1 doesn't. 
As far as I can see I haven't specified or placed a certificate for 
mail.domain.com on M2 and searching my bash history doesn't produce 
anything related to mail.domain.com.


So how can I load balance email connections over my two servers without 
getting a damn certificate warning?


Any help would be much appreciated.

Thanks.


Fwd: Dovecot, Load Balancing and SSL

2024-04-03 Thread leon--- via dovecot

Hi Everyone!

I wonder if someone would provide me with some advice. I've been setting 
up a couple of Postfix servers just for fun. I've got two Postfix 
servers m1.domain.com and m2.domain.com. I can send and receive mail via 
both of them. I've also got Postfixadmin and RoundCube on them and I'm 
replicating the database over both servers.


I introduced a load balancer. Postfixadmin and Roundcube work perfectly. 
However, when I send mail from Thunderbird, M1 reports that the 
certificate does not match. It's expecting a certificate for 
mail.domain.com.


On M1 I thought I would try to specify the location of the SSL when 
using mail.domain.com. I placed the certificate in the NAS and specified 
it in the 10-ssl file. I did this as per the docs.


mail.domain.com
local_name mail.domain.com {
ssl_cert =

It doesn't work. And I'm not entirely sure why M2 works and M1 doesn't. 
As far as I can see I haven't specified or placed a certificate for 
mail.domain.com on M2 and searching my bash history doesn't produce 
anything related to mail.domain.com.


So how can I load balance email connections over my two servers without 
getting a damn certificate warning?


Any help would be much appreciated.

Thanks.