I've switched all certificates to Let's Encrypt (scrapping my own CA). Works fine for all webs, and I got a domain alias to get a certificate for "mail.domain.de, domain.de" to use with postfix and dovecot. 1) Is there a practical way to get a certificate valid for all my domains so every user can use "mydomain.de" as mail connection? 2) I suppose I need to restart/reload postfix/dovecot every time the certificate changes, any tips on how to automagically do that?
You'd have to add each such vanity domain to the cert. Regarding restart: That depends on the client. For ISPC, dovecot/postfix I prefer to use acme.sh as LE client, since it allows DNS-01 challenge (see: https://www.howtoforge.com/communit...-01-challenge-for-ispc-3-1.74850/#post-352160 )
Using letsencrypt-auto and the integration already included in ISPConfig 3.1.x since it's mainly for the webs. I'm aware that I'd have to add all domains to a single cert, question is how to do that the way they get generated based on the config in ISPConfig currently :-D
You can't... you have to do that manually. That's also a reason why I use acme.sh: it's just a shell script... no dependencies... and works with DNS-01 challenge.
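
For question 2) in the thread, one way to reload Postfix and Dovecot only when the certificate file has actually changed. This is an added example, not code from any of the posters; the certificate path, stamp file and reload command are assumptions.

```shell
#!/bin/sh
# Added example: reload Postfix/Dovecot only when the certificate on disk has
# changed since the last successful reload. All three defaults are assumptions.
CERT="${CERT:-/etc/ssl/mail/fullchain.pem}"          # assumed cert location
STAMP="${STAMP:-/var/lib/mail-cert.sha256}"          # assumed state file
RELOAD_CMD="${RELOAD_CMD:-systemctl reload postfix dovecot}"

# Print the SHA-256 of the certificate file; fail if it cannot be read.
cert_digest() {
    [ -r "$1" ] || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# Exit 0 if the cert differs from the recorded digest, 1 if equal, 2 if unreadable.
cert_changed() {
    new=$(cert_digest "$1") || return 2
    old=$(cat "$2" 2>/dev/null || true)
    [ "$new" != "$old" ]
}

# Reload the daemons when needed. The stamp is written only after a successful
# reload, so a failed reload is retried on the next run.
reload_if_changed() {
    rc=0
    cert_changed "$1" "$2" || rc=$?
    case $rc in
        0) ;;
        1) echo "unchanged"; return 0 ;;
        *) echo "cannot read $1" >&2; return 2 ;;
    esac
    if sh -c "$RELOAD_CMD"; then
        printf '%s\n' "$new" > "$2"
        echo "reloaded"
    else
        echo "reload failed, will retry on next run" >&2
        return 3
    fi
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    reload_if_changed "$CERT" "$STAMP"
fi
```

With acme.sh, a script like this (called with `--run`) can be given as the `--reloadcmd` of `acme.sh --install-cert`; with other clients, run it from cron after the renewal job.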