Closed krejcar25 closed 2 months ago
INVALID
Hi Amelie, thanks for your proposals!
I'm closing this issue for now: as you pointed out, there are ongoing discussions on community and we are still far from implementation (https://nethserver.github.io/ns8-core/development_process/#issues).
Please join those discussions!
At this moment a certificate from Traefik (as far as I understood) is used for TLS communication with Postfix & Dovecot servers. However the address used is often different from the hostname of the mail system. A user might want to use
mail.example.com
for access but the server itself might be on hostnameserver1.example.com
. Multiple domains might be hosted on the same server, further proving this with, for user convenience, having amail.example.net
domain.Proposed solution
The Mail app Settings interface should contain a section where names can be configured that are used to access the mail system, which would then be used to request the certificate. A simple textarea element where each line is one SAN in the certificate should be enough IMO.
Alternative solutions
The Mail app Settings interface might include a section administrators can select which certificate of the ones Traefik currently has should be used instead of selecting it without user input. This would come paired with the ability to request a certificate from the configured ACME server (eg. Let's Encrypt) with multiple SANs, maybe simply by delimiting the domains with a comma or a space.
See also