Copying SSL to Dovecot for one virtual server changes certificate for all?

I've got numerous virtual servers, some with SSL certs, some without. When I copy the certificate to Dovecot in one virtual server, all the other virtual servers with SSL certificates change their Dovecot certificate settings to the one I've just copied. This creates a problem when trying to receive emails as the email browser errors, saying the certificate is from another site. I'm copying the certificate details by selecting the virtual server then Server Configuration --> Manage SSL Certificate --> Current Certificate | Copy to Dovecot

Any ideas why it changes globally instead of locally?

Comments

Howdy -- unfortunately, Apache is the only service on your system that can have more than one SSL certificate per IP address.

For services such as Dovecot, it only supports one SSL certificate per IP address on your server.

That means that if your domains are sharing an IP address, they'd also need to share an SSL certificate in Webmin, Dovecot, and Usermin.

I have multiple IP addresses. If I set up the cert on a shared IP address then copy to Dovecot it changes it globally (ie to all IP addresses, even those with SSL certs). If I try to copy the Dovecot on a virtual server with it's own IP and certificate, it also changes it globally. Is there another setting somewhere that I've missed?

I'm still having this issue and can't see where the problem lies. For example, I have 3 domains with their own dedicated IP addresses and their own SSL certs (2 x LetsEncrypt 1 x AlphaSSL). When browsing to each site the correct certificate is picked up. However, whichever SSL cert I copy to Dovecot becomes the master and eliminates the others creating issues when collecting mail (ie The last SSL cert copied to Dovecot is read as the certificate for all SSL accounts even those each has their own dedicated IP). Does that help isolate the issue?

Yeah we unfortunately may need Jamie's help on this one, I'm not quite sure what's going on, that does sound like it could be a bug.

Jamie, do you have any thoughts as to what's going on with SSL in this user's setup here?

The "Copy to Dovecot" button will copy the domain's cert to be the default for IMAP connections. However, if you go to System Settings -> Virtualmin Configuration -> SSL settings and change "Copy per-IP SSL certificates to Dovecot?" to "Yes", any domain with SSL and it's own IP will get a separate Dovecot cert for just connections to that IP. Which sounds like what you want...

Thanks Jamie but "Copy per-IP SSL certificates to Dovecot?" is already checked as "Yes". This appears to be a continuation of a bug issue I had in March last year which we were discussing (https://www.virtualmin.com/node/40090). I had to check the "No" button for "Copy per-IP SSL certificates to Postfix?" back then as a quick fix but now that I'm adding SSL certs to the IP dedicated virtual servers, it's becoming problematic.

Would it be possible for you to attach your Dovecot config files to this bug report? It sounds like Virtualmin is setting up the per-IP cert wrongly, and I want to know why ..

The comments pane doesn't appear to let me attach a file. Which Dovecot config files do you want? Just the /etc/dovecot/dovecot.conf one? I could just copy & paste it in if you like.