From 0074361c0507d2a1fd054b437f793f5b6dcc319c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sun, 13 Sep 2020 21:41:04 +0200 Subject: [PATCH] Update firststeps-ssl.md --- docs/firststeps-ssl.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/firststeps-ssl.md b/docs/firststeps-ssl.md index 705f1343e..8422c0b44 100644 --- a/docs/firststeps-ssl.md +++ b/docs/firststeps-ssl.md @@ -74,7 +74,8 @@ This provides best compatibility but means the Let's Encrypt limit exceeds if yo To solve this, you can configure `ENABLE_SSL_SNI` to generate: * A main server certificate with `MAILCOW_HOSTNAME` and all fully qualified domain names in the `ADDITIONAL_SAN` config -* One additional certificate for each domain found in the database with autodiscover.*, autoconfig.* and any other `ADDITIONAL_SAN` configured in this format (subdomain.*) +* One additional certificate for each domain found in the database with autodiscover.*, autoconfig.* and any other `ADDITIONAL_SAN` configured in this format (subdomain.*). +* Limitations: A certificate name `ADDITIONAL_SAN=test.example.com` will be added as SAN to the main certificate. A separate certificate/key pair will **not** be generated for this format. Postfix, Dovecot and Nginx will then serve these certificates with SNI.