DEPRECATED!!! Use mail_sni instead of dovecot_sni:
mail_sni for dovecot and exim sni certificates
TO ENABLE SNI for per-domain in DirectAdmin Server
The dovecot_sni and exim_sni options will be deprecated from the directadmin.conf, and replaced with a single option:
mail_sni=0
which is the internal default.
To enable it in your directadmin.conf nano /usr/local/directadmin/conf/directadmin.conf set:
mail_sni=1
secure_access_group=access should be enabled in the directadmin.conf, so that the certificates are chmod to 640 with group "access", so "mail" (within the access group) can read them.
Go to the:
User Level -> SSL Certificates
and if you currently have a pasted cert/key, simply hit “save” to regenerate the dovecot config for that domain.
Then setup the configs:
cd /usr/local/directadmin/custombuild
./build update
./build dovecot_conf
TASK QUEUE
To generate snidomains file:
echo "action=rewrite&value=snidomains" >> /usr/local/directadmin/data/task.queue
If you want to tell all live SSL domains to have their dovecot configs written, type;
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
echo "action=rewrite&value=mail_sni&domain=domain.com" >> /usr/local/directadmin/data/task.queue
this will recreate the sni/domain.com.conf for each SSL domain, plus one for the system hostname.
It will use the /etc/virtual/domainowners, to go through each domain, each cert, and remove any existing *:user:domain.com entries from snidomains, and re-add whatever is presentAfter this verify your domain mail server ssl using
https://www.sslshopper.com/ssl-checker.html#hostname=mail.hostmayo.com