Hello, I have five domains that I’ve already gotten certificates for, and all of which are working on a single IP server (CentOS 7, Nginx) (all LetsEncrypt certs working fine via https for each domain setup via nginx), which I installed using certbot via using :
certbot certonly -a webroot --webroot-path=/home/test1/public_html -d test1.com -d www.test1.com
certbot certonly -a webroot --webroot-path=/home/test2/public_html -d test2.com -d www.test2.com
certbot certonly -a webroot --webroot-path=/home/test3/public_html -d test3.com -d www.test3.com
commands then creating symbolic links to virtual host directories for convenience.
I’ve recently installed Postfix and Dovecot, and activated SSL/TLS - STARTTLS, which works fine for a single one of those domains as I can only add a single cert and key to these… is it possible to chain these certs and keys up to get SSL working for all my domains in postfix/dovecot or not? If yes then I’d appreciate on an answer as to how…
which generates a cert but it doesn’t seem to work, as trying to access email@example.com, thunderbird pops up a “security exception” saying that the certificate belongs to another site (test1.com), Wrong site error.
p.s. I know how to do this with multiple IP’s that isn’t my question.
90 days remaining 4096 bit sha256WithRSAEncryption
Let's Encrypt Authority X3
1603 days remaining 2048 bit sha256WithRSAEncryption
DST Root CA X3 (Certificate is self-signed.)
1800 days remaining 2048 bit sha1WithRSAEncryption
Common Name (CN) test1.com
I’m using Thunderbird 45.4.0
If the command to generate a single certificate for multiple domains I posted above is correct then perhaps I should try deleting the existing certificates and repeating…
This text from the ssl-tools.net test suggests to me that somehow the host you asked it to connect to has a different name from any of those in the certificate. Because you've chosen to hide the actual names (at least I guess you do not in fact own these unusual test1.com through test5.com domains) it's hard to draw any useful conclusion. Can you just tell us the actual names involved ?
I doubt that deleting a certificate and trying again will achieve anything unless you understand what went wrong the first time.