Is the certificate for the mail domain created by the Let's Encrypt option of the site section, or does it have to be created manually? Thanks
The Let's Encrypt SSL cert which gets created at install time by ISPConfig for the hostname of the system is used by the ISPConfig GUI, the mail system and FTP.
No. No certificate is created for the mail domain that way. Currently ISPConfig only supports the server FQDN with LE certs and they were created as explained by @till above.
Or better, can it be replaced by a manually created multidomain certificate only for server, mail and FTP, leaving the web certificates to be handled by ISPConfig?
The certificate created by the ISPConfig install is for the actual server name. Each website gets its own certificate when it is ticked on in website settings. Is there an actual problem on your server with certificates? Is it just now installed or did the problem appear recently? One way to mess up the ISPConfig certificate system is to create a website that has the same name as the server FQDN. So do not do that. Another way is if the server FQDN is domain only, like mycompany.tld instead of hostname.mycompany.tld, so do not do that either.
Like @Taleman mentioned, the SSL cert is issued for the server name, so it should be correct unless you configured the server with a wrong name initially. In this case, you can run an ISPConfig update with: ispconfig_update.sh --force and let the updater issue a new SSL cert after you changed the server name. Besides that, you can use a custom SSL cert of course, the SSL cert is in the /usr/local/ispconfig/interface/ssl/ folder. There is also a method to use a website SSL cert as described here: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ But having a website with the server hostname can cause issues as @Taleman pointed out, so using a website is only an option if the site is not the server hostname.
I'm updating the hardware and OS from an obsolete CentOS 6 to Debian 11. When I migrated from the old server, I assigned the new server a temporary FQDN. So after installing ISPConfig on the new server, the certificate was issued with the temporary FQDN. After migrating, I unplugged the old machine, renamed the new machine and reassigned the IP. This machine is the web and mail server for several domains. ispconfig_update.sh --force updated the certificate to the actual server name, however email clients keep claiming they cannot verify the server identity since it does not show the mail server ID. On the older server I was using a previous version of this: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ So in order to have a certificate for mail I will have to create a multidomain certificate with the updated procedure. Thank you all, you have been very helpful.
Your clients must use your server FQDN and not their own domains. Check your server LE certs just to see whether there is any issue.
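The mismatch discussed in this thread can be checked by comparing the DNS names in the server certificate with the host names mail clients are configured to use. The following is an added example, not part of any post above and not ISPConfig code; the host names in it are constructed placeholders, and the function names are hypothetical.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style:
    a wildcard is only honoured as the whole left-most label)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_names(cert_dns_names, client_names):
    """Return the client-configured names the certificate does not cover."""
    return [n for n in client_names
            if not any(name_matches(p, n) for p in cert_dns_names)]


def fetch_dns_names(host: str, port: int = 993, timeout: float = 5.0):
    """Read the DNS subjectAltName entries a live implicit-TLS service
    (IMAPS 993, SMTPS 465) presents. The chain is still validated; only the
    hostname check is switched off so a mismatching cert can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Constructed sample: certificate issued for the server FQDN only, while
# mail clients were set up with names under the hosted domains.
SAMPLE_CERT_NAMES = ["server1.example.com"]
SAMPLE_CLIENT_NAMES = ["server1.example.com", "mail.customer-a.example",
                       "mail.customer-b.example"]

if __name__ == "__main__":
    for name in uncovered_names(SAMPLE_CERT_NAMES, SAMPLE_CLIENT_NAMES):
        print(f"not covered by certificate: {name}")
```

Against a running server, pass the result of `fetch_dns_names()` as the first argument instead of the sample list.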