Multiple SSL Certs not signed by the same key

Hey guys,

Sorry I couldn’t weigh in yesterday.

@ellisgeek Check out the files in /home/user-data/ssl. You can replace them as you need (including the private key) — just run mailinabox at the end to restart all of the necessary system services. The cert in that directory is for the box’s main hostname. Other domains the box knows about have subdirectories storing their certs. For the subdirectory domains, they by default use the same private key as the main cert (in /home/user-data/ssl) but you can create a file named private_key.pem (note it differs from the main private key) to provide a different private key for each domain if you need to. So e.g.:

/home/user-data/ssl/ssl_private_key.pem
-- private key for all certs (unless a domain-specific private key is given, see below)

/home/user-data/ssl/ssl_certificate.pem
-- certificate for box.yourdomain.com (if a wildcard/multi-domain cert, will also be used for any domains it is good for)

/home/user-data/ssl/yourdomain.com/private_key.pem
-- if present, used as the private key for this domain (and, also, disables the automatic wildcard/multi-domain cert logic)

/home/user-data/ssl/yourdomain.com/ssl_certificate.pem
-- the certificate for this domain (if a wildcard/multi-domain cert is installed as the main cert and it is good for this domain, then this file will be ignored)

And, again, just be sure to run `mailinabox` after making changes, since many services will need to be restarted.
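A check for the layout described in the post above, as an added example that is not part of the original post or of Mail-in-a-Box itself: it pairs each certificate with the private key the post says applies to it (the domain's `private_key.pem` if present, otherwise the main `ssl_private_key.pem`) and compares their public keys. The function names, the `SSL_ROOT` variable and the `check` argument are assumptions of this example, and `openssl` is assumed to be installed.

```sh
#!/bin/sh
# Added example (not Mail-in-a-Box code): verify that each certificate in the
# layout described above pairs with the private key that will be used for it.
# SSL_ROOT is a hypothetical override so the check can run against a copy.
SSL_ROOT="${SSL_ROOT:-/home/user-data/ssl}"

# Print the private key path for a domain ("" means the box's main hostname).
key_for() {
    if [ -n "$1" ] && [ -f "$SSL_ROOT/$1/private_key.pem" ]; then
        echo "$SSL_ROOT/$1/private_key.pem"   # domain-specific key
    else
        echo "$SSL_ROOT/ssl_private_key.pem"  # shared main key
    fi
}

# Return 0 if the cert's public key equals the key's public key, 1 if not,
# 2 if either file cannot be parsed by openssl.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Check the main cert and every per-domain cert; return 1 on any bad pair.
# This compares files only; it does not model the wildcard/multi-domain fallback.
check_all() {
    rc=0
    for cert in "$SSL_ROOT/ssl_certificate.pem" "$SSL_ROOT"/*/ssl_certificate.pem; do
        [ -f "$cert" ] || continue
        rel=${cert#"$SSL_ROOT"/}          # "<domain>/ssl_certificate.pem" or bare file
        domain=$(dirname "$rel")          # "." for the main certificate
        if [ "$domain" = "." ]; then domain=""; fi
        key=$(key_for "$domain")
        if cert_matches_key "$cert" "$key"; then
            echo "OK       $cert uses $key"
        else
            echo "MISMATCH $cert does not match $key"
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when asked, e.g.: sh check_ssl_pairs.sh check
if [ "${1:-}" = "check" ]; then check_all; fi
```

Running it before `mailinabox` shows which certificate no longer matches its key after a file has been replaced.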