Can I host more than one certificate on a single Citadel server?  

That is, can I host    xxx.yyy.com     and    aaa.bbb.com    on the same server just by installing more than one certificate/key pair?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

Can I host more than one certificate on a single Citadel server?  

That is, can I host    xxx.yyy.com     and    aaa.bbb.com    on the same server just by installing more than one certificate/key pair?

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

it would CERT-ainly be the easiest way, as afaik citadel was made for small use cases and only takes one cert.. so you'd have to combine them. easiest way to combine them and keep them up to date is lets encrypt.. and the mail server should be visible at least at mail.example1.com and mail.example2.com if you set it up right with multidomains.. and when you request mail.example1.com and mail.example2.com it SHOULD also grant example1.com and example2.com by default... so even if your mail server isn't the main website on the domain, it should work. for me, i have an nginx reverse proxy on my domain.tld and mail is mail.domain.tld and all my certs are handled by the reverse proxy which then just has a cron that rsyncs them to all the other web-facing servers in my network daily, so every system always has up to date certs and if a system fails, i get notified about it via the cron email thingy and i just have the rsync directory be the one that citadel takes its certs from and then just forget about it. of course, make sure you can only log into whatever user via SSH certs and not passwords, because that's safer.

TRANSLATE with x

English

Arabic	Hebrew	Polish
Bulgarian	Hindi	Portuguese
Catalan	Hmong Daw	Romanian
Chinese Simplified	Hungarian	Russian
Chinese Traditional	Indonesian	Slovak
Czech	Italian	Slovenian
Danish	Japanese	Spanish
Dutch	Klingon	Swedish
English	Korean	Thai
Estonian	Latvian	Turkish
Finnish	Lithuanian	Ukrainian
French	Malay	Urdu
German	Maltese	Vietnamese
Greek	Norwegian	Welsh
Haitian Creole	Persian

 

TRANSLATE with

COPY THE URL BELOW

Back

EMBED THE SNIPPET BELOW IN YOUR SITE

Enable collaborative features and customize widget: Bing Webmaster Portal

Back

So instead of something like multi-hosts or SNI, I'll simply need a cert with all the domains supported listed as SANs, correct?

So if I have xxx.com, and yyy.com, when an email comes to xxx.com, will it only be seen by someone having and email, ex.  joe@xxx.com and not also the same joe@yyy.com???

Tue Aug 09 2022 12:25:45 EDT from mrsfeathers Subject: Re: Is Citadel multi-tennant?

if your server can be seen by multiple domains, you can use let's encrypt to request a certificate with multiple domains in it... then just have it be created in /usr/local/citadel/keys i think. it has to be named whatever.crt and whatever.key and they have to have permission for read and write and be owned by whatever user you set up to run citadel. at that point, you can simply add in hostnames to your let's encrypt config and magically have them be supported... at least that's how mine works. ^v^

Is there a way to redirect all HTTP traffic on the web client to HTTPS?

Thanks.

Is there a way to redirect all HTTP traffic on the web client to HTTPS?

Not using Citadel by itself, but you can easily do that by putting some other web server on port 80 and redirecting to HTTPS as per the normal method.