https://wiki.dovecot.org/SSL/DovecotConfiguration#Different_certificates_per_IP_and_protocol

says:
local 192.0.2.10 { # instead of IP you can also use hostname, which will be resolved

However if the name resolves to multiple values only one is used.

Test.
Choose any name with multiple values; I created a local name:

$ nslookup multi.lan
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   multi.lan
Address: 192.168.1.2
Name:   multi.lan
Address: 192.168.1.3
Name:   multi.lan
Address: 192.168.1.1
Minimal dovecot.conf:

local multi.lan {
  protocol imap {
    ssl_cert = </path/to/certs/multi.lan.crt
    ssl_key  = </path/to/certs/multi.lan.key
  }
}

$ dovecot -n -c dovecot.conf
# 2.3.5 (513208660): dovecot.conf
...
local 192.168.1.2 {
  protocol imap {
    ssl_cert = </path/to/certs/multi.crt
    ssl_key = # hidden, use -P to show it
  }
}

Only 192.168.1.2 appears.

In my real case with A and AAAA records, only the AAAA record is used. Testing with "openssl s_client -starttls imap ..." gives me the wrong certificate for the IPv4 address. Workaround: specify all addresses and do not use lookup.
James.
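The workaround above (list every address explicitly instead of a hostname) is easy to get wrong by hand when a name has several A and AAAA records. The script below is an added example, not part of the original post and not Dovecot project code: it takes the addresses as explicit arguments and prints one `local <address>` block per address, all sharing the same certificate and key, so nothing is left for Dovecot to resolve at startup. The certificate paths and the address list are constructed for illustration (the list mirrors the nslookup output in the post); the `getent ahosts` line in the comment is the assumed way to obtain the real list once, at generation time.

```shell
#!/bin/sh
# Added example, not from the original post or from Dovecot itself.
# Emit explicit "local <address>" blocks so that Dovecot never has to
# resolve a hostname (which, as the post shows, keeps only one address).

# dovecot_local_blocks CERT KEY ADDR [ADDR...]
# Print a Dovecot "local" block for every address given; each block uses
# the same certificate/key pair. Addresses are passed in, never looked up.
dovecot_local_blocks() {
    cert=$1
    key=$2
    shift 2
    for addr in "$@"; do
        printf 'local %s {\n' "$addr"
        printf '  protocol imap {\n'
        printf '    ssl_cert = <%s\n' "$cert"
        printf '    ssl_key  = <%s\n' "$key"
        printf '  }\n'
        printf '}\n'
    done
}

# count_local_blocks CONFIG_TEXT
# Count the "local" blocks in rendered config text; a quick check that every
# address made it in, unlike the single block "dovecot -n" showed for a name.
count_local_blocks() {
    printf '%s\n' "$1" | grep -c '^local '
}

# Constructed address list matching the nslookup output in the post.
# An IPv6 address (e.g. from an AAAA record) goes in the same list.
MULTI_LAN_ADDRS="192.168.1.1 192.168.1.2 192.168.1.3"

# Assumed real-world source of the list (not executed here): resolve once,
# when generating the config, rather than letting Dovecot resolve at startup:
#   MULTI_LAN_ADDRS=$(getent ahosts multi.lan | awk '{print $1}' | sort -u)

# Word splitting on $MULTI_LAN_ADDRS is intended: one argument per address.
dovecot_local_blocks /path/to/certs/multi.lan.crt /path/to/certs/multi.lan.key $MULTI_LAN_ADDRS
```

Paste the output into dovecot.conf in place of the `local multi.lan { ... }` block, then confirm with `dovecot -n` that one `local` block appears per address, and repeat the post's own check (`openssl s_client -connect <addr>:143 -starttls imap`) against each IPv4 and IPv6 address to confirm the intended certificate is served on all of them.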