Hi. I'm working on getting a wildcard certificate for my domains and then configuring dovecot/postfix to use these certificates -- they apparently can and I would love to have separate certificates for mail.site1.com and mail.site2.com, etc. What I couldn't find was how to create a wildcard certificate using the ISPConfig interface. I would appreciate any pointers. Regards, -turgut
ISPConfig uses domain-based authentication for LE certs. LE does not issue wildcard certs using this auth method for ease of use as most users would fail to configure DNS auth with external DNS providers. To use wildcard LE certs, you must authenticate them manually using DNS auth. There should be several threads on that topic here in the forum.

Using per domain certs for email is not recommended as it does not scale, it's more for home or small business setups. Therefore no larger provider uses per domain certs and ISPConfig is made for hosting provider setups. E.g. a typical ISPConfig provider setup consists of a few thousand domains, I guess you can imagine what happens if you put a few thousand SSL certs in postfix and try to reload the service. Or what happens if one of your thousands of clients changes his DNS, so renewal of the cert fails etc.

If you have a small or home setup with not more than a few dozen domains, then you can use the setup described here: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
The idea sounds nice and appealing at first, but there are good reasons why no larger provider does it like that.