If you add an SSL certificate to the domain alias, then when connecting to IMAP ports, only that certificate will always be given:
add main domain: @domain.com
add alias domain: @alias.com
add another domain: @domain2.com
install SSL certificates with "/opt/zextras/libexec/zmdomaincertmgr savecrt" for mail.ALIAS.com and other virt domains
After that:
openssl s_client -connect mail.domain.com:993 -> SSL of mail.ALIAS.com
openssl s_client -connect mail.alias.com:993 -> SSL of mail.ALIAS.com
openssl s_client -connect mail.domain2.com:993 -> SSL of mail.ALIAS.com
Is this normal, or is it an error because the proxy server doesn't choose the right certificates?
And at the same time:
openssl s_client -connect mail.domain.com:443 -> SSL of mail.domain.com
openssl s_client -connect mail.alias.com:443 -> SSL of mail.alias.com
openssl s_client -connect mail.domain2.com:443 -> SSL of mail.domain2.com
It seems that the proxy server does not correctly choose the certificate for IMAP/POP3 and correctly for HTTP ...
I have the same problem with my Carbonio install. Any suggestions?
Carbonio doesn't work that way. It doesn't do SNI for domain for POP and IMAP.
So you have two ways to deal with it:
1 - do a root certificate with all domains on it. It works great but can be quite tough to manage, especially if you have many domains getting added and removed constantly like in Mail Providers;
2 - point all your customers to use the main root hostname on their clients. This is how I do it: certificates for them to access the webmail fine on their domains, but all e-mail clients like Outlook, Thunderbird and mobile have to use my main hostname to connect.
You may want to join us in Telegram: https://www.anahuac.eu/carbonio-adding-a-signature/
Regards
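
Added example, not part of the thread and not Carbonio code: a small audit that connects with SNI to each mail hostname and reports where the certificate served does not cover the name the client asked for. This is the check to run after choosing either workaround above. All function names are hypothetical, and `sample_probe` is constructed data that mirrors the results in the first post so the script runs offline.

```python
import socket
import ssl

def san_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*' standing for the whole left-most label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # *.a.com covers x.a.com, but not a.com and not x.y.a.com
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def uncovered(sans, hosts):
    """Hostnames a verifying client would reject for this SAN list."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def served_sans(host: str, port: int, timeout: float = 5.0):
    """Live probe: send SNI = host, return DNS SANs of the certificate served."""
    ctx = ssl.create_default_context()
    # The chain is still verified; name matching is left to uncovered()
    # so that a mismatching certificate can be inspected instead of aborting.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def audit(hosts, ports=(993, 443), probe=served_sans):
    """Map (host, port) -> True when the certificate served covers host."""
    return {(h, p): not uncovered(probe(h, p), [h])
            for h in hosts for p in ports}

# Constructed sample: hostnames from the thread, and a stand-in probe that
# reproduces what the first post observed (SNI honoured on 443, not on 993).
HOSTS = ["mail.domain.com", "mail.alias.com", "mail.domain2.com"]

def sample_probe(host, port):
    return [host] if port == 443 else ["mail.alias.com"]

if __name__ == "__main__":
    # Replace sample_probe with served_sans to test a real server.
    for (host, port), ok in audit(HOSTS, (993, 443), sample_probe).items():
        print(f"{host}:{port} {'ok' if ok else 'NAME MISMATCH'}")
```

With a single certificate that lists every mail hostname (option 1), `uncovered()` returns an empty list for port 993; with option 2, only the main hostname needs to pass.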