Postfix and multiple SSL certificates

If you ever wanted to use your Postfix with multiple SSL certificates for different domains, here is how.

List of requirements

  • separate IP for each SSL certificate
  • different domains you will use for your mail (say, example.com and example2.com)
  • separate SSL certificate for each domain


The change will involve:

  • modifying /etc/postfix/main.cf
  • modifying /etc/postfix/master.cf

Modifying /etc/postfix/main.cf

Comment out smtpd_tls_key_file and smtpd_tls_cert_file directives. smtpd_tls_CAfile can stay, if the certificates you’re using are from the same SSL vendor.

Modifying /etc/postfix/master.cf

Where you previously had Postfix master listening on all interfaces (for smtp/25, smtps/465, submission/587), and thus, using one SSL certificate (the one defined in /etc/postfix/main.cf):

You should now modify it to use different IP addresses and different SSL certificates – for example, for mail.example.com and mail.example2.com:

That’s it! Restart Postfix, and you should be done.

For information on how to set up Cyrus to use multiple certificates, see this article.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Lxadm.com.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.