I have a server running Debian 10 (Buster), Postfix, and ISPConfig 3.2. The common issues check returns that all is good. I am trying to set up an email domain along with an email address for a domain not hosted on this server. Let's say the domain is library.example. I've got MX example -> library.example and A library.example -> 123.123.123.123. I've also added a website via ISPConfig and enabled Letsencrypt for it. Visiting library.example brings up the default site index secured normally over https. I've added a mail domain and an email mailbox no-reply[at]library.example. When I go and set up Thunderbird using the credentials I entered, I see the normal "Welcome to your new email account" in my Inbox, but when I try to send a test email I get a warning that the location library.example:587 is trying to identify itself with invalid information because Postfix is presenting the server certificate that ISPConfig generated. I've tried removing and re-adding the mail domain several times etc.; each time I get the same behavior. This problem does not appear for any of the other sites that I host (proper websites and mail domains) on the same server. Any ideas how I can fix this? Thanks in advance, Jim
You can generate a Let's Encrypt certificate for the hostname of your server on install, or follow these steps to create a certificate for your mail domain(s) and use them for your mailserver: https://www.howtoforge.com/communit...topped-sending-email.85381/page-2#post-410370
Th0m, I read that thread while researching a solution, but I had concerns about practicality, since for every domain that I'm currently hosting and for every domain that will be added in the future I'd have to add an alias. What I was going for was something along the lines of lxadm.[com]/Postfix_and_multiple_SSL_certificates since then, if I'm not mistaken, all the mail.site.com domains would be able to use their Letsencrypt cert instead of the server cert. Would that be correct? Perhaps a feature request should be added?
You should not add those domains as aliases. Let your clients connect to mail.yourcompany.com instead of mail.clientdomain.com. This is the best way to do this. There is a request for Dovecot: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3794
Agreed. The use of mail.clientdomain.tld should be considered a premium service due to the considerable amount of setup and maintenance involved.
I'd be willing to devote developer resources towards this (and Postfix) if I could get a few pointers about how to proceed. I've got a good developer team but Dovecot/Postfix is not their specialty. Could we work out a spec?
Read more about SNI for Postfix and Dovecot, for example: http://www.postfix.org/postconf.5.html#tls_server_sni_maps https://doc.dovecot.org/configurati...client-tls-sni-server-name-indication-support @Jesse Norell might have some pointers as well. Still, I don't recommend using this; use mail.hostingdomain.com instead where possible. If you are implementing this, I would make it selectable per domain, so not every domain is added.
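The per-domain SNI setup discussed in the post above, as an added example that is not part of the thread and is not ISPConfig code: a shell function that builds a Postfix `tls_server_sni_maps` source file and matching Dovecot `local_name` blocks for opted-in hostnames only. The certificate layout (`<root>/<hostname>/privkey.pem` and `fullchain.pem`), the opt-in list file and the output file names are assumptions.

```shell
#!/bin/sh
# Added example, not ISPConfig code. Assumed layout (hypothetical):
#   CERT_ROOT/<hostname>/privkey.pem and CERT_ROOT/<hostname>/fullchain.pem
#   OPTIN_FILE: one mail hostname per line; '#' starts a comment line.

# gen_sni CERT_ROOT OPTIN_FILE OUT_DIR
# Writes OUT_DIR/sni_maps (Postfix) and OUT_DIR/99-sni.conf (Dovecot).
# Prints the number of hostnames configured; skipped names go to stderr.
gen_sni() {
    cert_root=$1; optin=$2; out=$3; count=0
    : > "$out/sni_maps"
    : > "$out/99-sni.conf"
    while IFS= read -r host || [ -n "$host" ]; do
        # Ignore blank lines and comments in the opt-in list.
        case $host in ''|\#*) continue ;; esac
        # Accept plain hostnames only, so a list entry cannot inject
        # paths or extra configuration syntax.
        case $host in
            *[!A-Za-z0-9.-]*) echo "skip (bad name): $host" >&2; continue ;;
        esac
        key="$cert_root/$host/privkey.pem"
        chain="$cert_root/$host/fullchain.pem"
        # Never emit an entry for a missing or empty key or chain file.
        if [ ! -s "$key" ] || [ ! -s "$chain" ]; then
            echo "skip (no cert): $host" >&2; continue
        fi
        # Postfix SNI table: hostname, then private key, then chain.
        printf '%s %s %s\n' "$host" "$key" "$chain" >> "$out/sni_maps"
        # Dovecot: one local_name block per hostname.
        printf 'local_name %s {\n  ssl_cert = <%s\n  ssl_key = <%s\n}\n' \
            "$host" "$chain" "$key" >> "$out/99-sni.conf"
        count=$((count + 1))
    done < "$optin"
    echo "$count"
}

# Installing the result (paths are assumptions):
#   postmap -F hash:/etc/postfix/sni_maps
#   postconf -e 'tls_server_sni_maps = hash:/etc/postfix/sni_maps'
```

`postmap -F` stores the contents of the key and chain files in the table, so the table has to be rebuilt after every certificate renewal. Clients that send no SNI name, or a name that is not in the table, still get the server's default certificate.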
Btw, PLESK somehow provides this - separate certificates for mail for each domain (Dovecot and Postfix), so it would be great if ISPConfig could support that too. Sorry to hijack an old thread.