The way I had it configured and working was to create a website with hostname.genericdomain.tld and then create alias domains for that domain for each mail.domain.tld. I then had symbolic links at /usr/local/ispconfig/interface/ssl/ and somewhere else. I remember reading how to do it on this site, but for the love of all that is unholy, I can't find the post.
Lately when I add an alias domain for mail.domain.tld, the mail client is not getting the cert. Yes, clients can use hostname.genericdomain.tld, but if I switch a client to a new server it's the headache of getting them all to change the IMAP and SMTP server name.
Browsing through the server, I see that there are now PEM certs at /usr/local/ispconfig/interface/ssl/. How do I get IMAP and SMTP to use the same cert as hostname.genericdomain.tld?
EDIT: What I want is if you open hostname.genericdomain.tld on port 443 or 8080 the cert is true. On port 443 I am offering a Roundcube login. I also want mail.client1.tld, mail.client2.tld, etc. to all have valid certs for IMAP and SMTP. If I run
Code:
nmap --script ssl-cert -p 465 hostname.genericdomain.tld
then all the mail.clientx.tld names are in the certificate, but not when I run
Code:
nmap --script ssl-cert -p 993 hostname.genericdomain.tld
Fix:
systemctl restart dovecot && systemctl restart postfix
This wasn't a step I had to do in the past, so in a recent update something has gone astray?
Compare your setup with this guide, maybe you don't have the mail system restart script in place? https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
Cool read. But I actually ended up writing a Service file that uses inotifywait to monitor the source LE files that the symlinks connect back to. When there is a close_write event on both the files, my service restarts both postfix and dovecot. Problem is solved.
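A sketch of the watcher described in the post above, as an added example and not the poster's actual service: it restarts postfix and dovecot only after both the certificate and the key file have been completely written, so the daemons never reload a mismatched pair. The directory is a placeholder and the file names `fullchain.pem` and `privkey.pem` are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example. CERT_DIR is a placeholder; the file names are assumptions.
CERT_DIR="${CERT_DIR:-/path/to/letsencrypt/cert-dir}"
CERT_FILE="${CERT_FILE:-fullchain.pem}"
KEY_FILE="${KEY_FILE:-privkey.pem}"

# Default action: restart both mail daemons so they load the renewed cert.
restart_mail() {
    systemctl restart postfix && systemctl restart dovecot
}
# Override RESTART_CMD (e.g. with "echo would-restart") for a dry run.
RESTART_CMD="${RESTART_CMD:-restart_mail}"

# Reads "<filename> <events>" lines on stdin, the output of
# inotifywait --format '%f %e'. Runs $RESTART_CMD once each time BOTH
# files have seen CLOSE_WRITE, then waits for the next complete pair.
watch_pair() {
    seen_cert=0
    seen_key=0
    while read -r name events; do
        case "$events" in
            *CLOSE_WRITE*) ;;
            *) continue ;;          # ignore MODIFY, OPEN, etc.
        esac
        case "$name" in
            "$CERT_FILE") seen_cert=1 ;;
            "$KEY_FILE")  seen_key=1 ;;
            *) continue ;;          # unrelated file in the same directory
        esac
        if [ "$seen_cert" -eq 1 ] && [ "$seen_key" -eq 1 ]; then
            $RESTART_CMD
            seen_cert=0
            seen_key=0
        fi
    done
}

# Watch the directory rather than the files themselves, so the watch
# survives a file being replaced instead of rewritten in place.
run_watcher() {
    inotifywait -m -q -e close_write --format '%f %e' "$CERT_DIR" | watch_pair
}

# Start watching only when called with "run" (e.g. from a systemd unit).
if [ "${1:-}" = "run" ]; then
    run_watcher
fi
```

After a renewal, re-running the `nmap --script ssl-cert` checks from the first post against ports 465 and 993 confirms that both services now present the same certificate.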