How can I correctly assign SSL certificates ( let`s Encrypt) to the interfaces for API and TLS?

E

Erwin Iglhaut

New Member
Proxmox Subscriber
Jul 4, 2024
3
0
1
I have set up and assigned certificates with Let`y Encrypt for both interfaces TLS (mail.mydomain.com) and API (pmg.mydomain.com). The hostname is pmg and fqdn-name ist pmg.mydomain.com. Access for the web interface is good because hostname and fqd-name are correctly mapped in the certificate.
When sending and receiving mail, SMTP uses the TLS certificate (mail.mydomain.com) but the system responds with the hostname pmg.mydomain.com and this is not covered by the certificate.
Can I manually change the fqdn name for the SMTP service?


Translated with DeepL.com (free version)
 
Erwin Iglhaut said:
Can I manually change the fqdn name for the SMTP service?
Click to expand...
you could change the hostname of your PMG:
https://pmg.proxmox.com/wiki/index...._Proxmox_Mail_Gateway#Changing_Hostname_or_IP

else you can adapt the relevant settings in the postfix configuration using the templateing system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

But in general I don't think that a mismatch between the SMTP banner and the certificate CN and SANs will cause issues.
 
Hello Stoiko,

by default, the FQDN from /etc/hosts or /etc/hostname is used both in theSMTP banner and for the user report (as a hyperlink for direct access). However, I cannot get the Let`s Encrypt certificate for both interfaces but have to choose different names.
I also prefer to assign one Let`s Encrypt certificate for both interfaces - API and TLS, but it`s not possible.

Best regards
Erwin
 
Erwin Iglhaut said:
by default, the FQDN from /etc/hosts or /etc/hostname is used both in theSMTP banner and for the user report (as a hyperlink for direct access). However, I cannot get the Let`s Encrypt certificate for both interfaces but have to choose different names.
Click to expand...
Which interfaces?!

Erwin Iglhaut said:
I also prefer to assign one Let`s Encrypt certificate for both interfaces - API and TLS, but it`s not possible.
Click to expand...
This is possible using the GUI - (GUI->Configuration->Certificates->ACME-><Domain> - there you click edit and in the Usage combobox you need to select both API and SMTP

I hope this helps!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back