I have a server created based on the Perfect Server tutorial for Ubuntu 16.04. Is it possible to assign to postfix/dovecot as many Let's Encrypt SSL certs as possible? I have 20 domains on the server but postfix uses the ispserver.crt and ispserver.key certs generated by Let's Encrypt:

Code:
lrwxrwxrwx 1 root root 48 Mar 13 07:42 smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
lrwxrwxrwx 1 root root 48 Mar 13 07:42 smtpd.key -> /usr/local/ispconfig/interface/ssl/ispserver.key

which are from:

Code:
lrwxrwxrwx 1 root root 50 Nov 3 2017 ispserver.crt -> /etc/letsencrypt/live/s1.example.net/fullchain.pem
lrwxrwxrwx 1 root root 48 Nov 3 2017 ispserver.key -> /etc/letsencrypt/live/s1.example.net/privkey.pem

For each domain except the server FQDN I get a certificate mismatch in the mail client. Sending emails works but I would like to fix the cert mismatch.
Is it possible to add more domains to the postfix/dovecot cert using ISP? Each domain has a LE SSL cert generated by ISP. Each domain is used for websites and additionally there are mailboxes. Currently postfix/dovecot use the cert generated for the server. I don't want to break something. PS @till If I generated one Let's Encrypt cert including each domain I have on the server and attached it in some way to postfix, would it break Let's Encrypt cert generation from ISPConfig?
I don't see why you need to do that. Unless you want each domain to have its own dedicated mail server, then you would need to do some serious configs if you do not have multiple servers. I'm sure it's possible to spawn a postfix instance and have that instance work off a specific config file, but it would also mean you would need to have each instance on a dedicated port. Seems like a lot of work to me. If you are offering VPS or dedicated hosting then the server will be set up per domain, and mail, FTP etc. are not really your concern; they are something the customer should be dealing with. What you should be doing if you are offering mail on shared hosting is set up a dedicated mail server (2, possibly 3 actually). You would have a generic domain for it, something like privatemailserver.com as an example. Now to get this server to accept the domain's mail you need to tell it to relay incoming and outgoing mail for the domain in question (be careful not to create an open relay, this would open you up to spammers using your servers for evil). The simplest method down the road is MySQL based but is harder to set up initially; once set up though it will save you many headaches because you can easily add mail domains, mailboxes etc. on the fly without needing to open up config files every time you need a new email address.
Thank you guys for the advice. I am still learning. Thank you for your patience and for showing your perspective. It's an important experience. On the postfix mailing list Wietse Venema said about my concern: "Postfix does not yet support SNI, so you would need to update master.cf with one smtpd definition per IP address with its own smtpd_tls_*cert_file and smtpd_tls_*key_file. But why? SMTP is not HTTP. With SMTP, the MX records for different domains can contain the same SMTP server hostname." So probably I have to set up one generic mail domain, as @Chris_UK said (and @ahrasis thought), and add this to each domain's DNS zone in the MX record. Am I right?
Yes, you create/edit your DNS zone template so that you can automatically apply the correct MX records to the zone at creation, so you don't need to go and edit it at a later point.
Ok. Thank you. One more thing - could you point me to where I can edit templates (wow, I didn't know there is such a thing!)?
Or you can simply explore the DNS Zone page in your ISPConfig control. It is easier to navigate and understand each function that way. The manual and this forum are the main references for any doubt, of course.
Thank you for the advice. I have the old manual; today I bought the new one. I couldn't buy it earlier - I was waiting for approval from the CEO.
I would not say "can", I would say "should", yes. One mailserver with one IP = the same hostname and MX record for all domains.
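
Added example, not part of any post in this thread: a Python check of which mail hostnames a single server certificate covers, which is what decides whether a mail client or a sending MTA reports a mismatch. The zone data, the SAN list (assumed to hold only s1.example.net, the name in the certificate path above) and all function names are constructed for illustration.

```python
# Audit per-domain mail hostnames against the names in one server certificate.
# ZONES and CERT_SANS are constructed sample data, not taken from a real server.

def norm(name):
    """Lower-case and drop the trailing dot of an absolute DNS name."""
    return name.lower().rstrip(".")

def name_matches(pattern, host):
    """RFC 6125-style match: exact, or '*' as the entire left-most label."""
    p, h = norm(pattern).split("."), norm(host).split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels so "*.com" is rejected
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covered(host, sans):
    return any(name_matches(s, host) for s in sans)

def audit(zones, sans):
    """Return {domain: [hostnames the certificate does not cover]}."""
    problems = {}
    for domain, cfg in zones.items():
        # MX targets are what other MTAs connect to; "client" is the
        # IMAP/SMTP server name users typed into their mail program.
        names = {norm(n) for n in cfg["mx"]} | {norm(cfg["client"])}
        bad = sorted(n for n in names if not covered(n, sans))
        if bad:
            problems[domain] = bad
    return problems

CERT_SANS = ["s1.example.net"]  # assumption: the only name in ispserver.crt

ZONES = {
    # follows the advice in the thread: every domain uses the server hostname
    "example.org": {"mx": ["s1.example.net."], "client": "s1.example.net"},
    # per-domain mail hostname: this is the case that shows a mismatch
    "example.com": {"mx": ["mail.example.com."], "client": "mail.example.com"},
}

if __name__ == "__main__":
    for domain, hosts in audit(ZONES, CERT_SANS).items():
        print(f"{domain}: certificate does not cover {', '.join(hosts)}")
```
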