Wildcard.domain.tld on fresh install

Hello All

I’m a new user of MIAB. Until a few days ago I was using an email server solution with my Synology NAS.
I wanted to change because of a reverse DNS issue with my ISP and because the Synology packages are not up to date.

So long life to MIAB, the install is very user friendly.

I bought earlier a wildcard SSL certificate for one of the several domains that are hosted on the NAS.
I wish to use it now on MIAB.

In MIAB /admin > System > TLS Certificates, I cannot select any of the listed domains as *.domain.tld; they are box.domain.tld, domain.tld, and so on, but not *.domain.tld.

How can I import the wildcard SSL certificate I was using before?
I have the private key, CSR and CRT.

many thanks in advance for your precious help.


Best regards
Francois

The simple answer is that you cannot. MiaB is configured to use certificates obtained from Let’s Encrypt at no charge. Doing otherwise is an unsupported modification.

Hello alento

I thank you for your feedback.

I can understand that MIAB uses a Let’s Encrypt certificate by default, but we could also be able to use a wildcard by doing additional manual steps.

Using a private email server like Mail In A Box has costs: domain registrar, VPS. We could also use an SSL certificate from outside Let’s Encrypt.

How was it managed before Let’s Encrypt?
Maybe an evolution for version 0.44 🙂

what a pity


best regards
François

MIAB requires you to have a certificate for the box. If you don’t want to pay for one, the default for MIAB is to use Let’s Encrypt to generate it for you. If you do want to pay for one, you can generate a certificate for any domain whose DNS is being handled by the box. You’d need to then take the CSR request provided by the box and register your cert with that CSR.

So if you’re not seeing the domain you list, I’m guessing you are using external DNS. If you want to use your paid-for certificate in MIAB, you’ll have to use MIAB to handle your DNS for that domain.

What I’m having a hard time understanding is why you would want to do any of this when the simplest solution is to let MIAB do what it is designed to do: be an all in one solution for hosting your mail, INCLUDING handling the SSL certs for your mail domains.

It’s perfectly ok to have multiple sets of SSL Certs for domains. So let your wild card cert that you paid good money for handle the certs for your website and other things not hosted on the same box as MIAB, and let MIAB generate the certs for itself.

What exactly are you seeing as a detriment here?

hello blinkingline,

thanks also for your feedback.

I bought earlier a wildcard SSL certificate, so I can use it for every .domain.tld on every server that is in my scope: webmail, www, ftps, and so on.
I do not put every functionality on the same server; they are split (not all eggs in the same basket).
CNAME DNS entries are also usable, such as “webmail”, which is used instead of “box”.

OK, it works with Let’s Encrypt, but my wildcard is, according to me, more ‘serious’, and it is common to all my subdomains, with 2 years of existence, where Let’s Encrypt renews every 90 days (even if it is done automatically). I should be able to use it on MIAB too.

MIAB is for mails, that’s all.


Best regards
François

You CAN use it on MIAB, but as Alento stated earlier, it’s an unsupported modification, and as any other user of MIAB who makes unsupported modifications is well aware, you will have to reapply the modification when MIAB updates.

At this point you have four choices:

  1. Contribute to the MIAB project and submit your change via GitHub.
  2. Apply your modification with the knowledge that you will have to re-apply the modification when upgrading.
  3. Use MIAB as it was intended, providing its own certificate via Let’s Encrypt (Note that this is also how MIAB’s “competitors” Mailcow and iRedMail implement SSL).
  4. Find an alternative to MIAB that better suits your needs.