What would it take to port the ssl_certificate_* capabilities from http/stream to mail proxy?
It's possible to proxy imap/smtp/pop3 connections using stream+ssl_certificate_by_lua to provide a different certificate for each user based on SNI, but this does not work when the client uses STARTTLS.
Do you have any insight on managing certificates dynamically for thousands of domains via openresty? Exim can provide this but without the flexibility of openresty, and dovecot requires each certificate to be preconfigured.
Thanks
