Hi my setup is now a fresh Debian 10 with fresh install ISPConfig 3.2 (not a update to 3.2) I have 3 different domain's and on the site that deliver the domains i setup for each domain the DNS records. The lets encrypt certificate that is created is only for 1 email domain. Is it possible to do dis for all the 3 different domain names? Now is 1 email with the correct hostname LE, and the other 2 emails with the incorrect hostname LE
I may not understand what you are after, but you can add other domains as alias domains to your e-mail domain, then LE automatically adds those alias domais to the certificate. But LE has limit of 100 domains in one certificate, so this does not scale well. Usually what is done is to tell all users to use mail.companydomain.com as the e-mail server and not their own mail.userdomain.com.
I agree with Taleman. Don’t add a DNS record for maill.clientdomain.com but tell them to use imap.yourcompany.com and smtp.yourcompany.com. You can use the automail plugin from Schaal-IT to push your settings to them when they set up the account in their client: https://schaal-it.com/ispconfig-automail/
Ok thanks. When I check my ssl certificate with https://www.sslcheck.nl I get the output " Common Name: mail.domainAA.nl" and "Alternative Names: mail.domainBB.nl and mail.domainCC.nl" but when I check the certificate from my server it gives me mail.domainAA and not the alternative Names. how is this possible?
The main domain is mail.domainAA.nl, so that is what it shows at first. If you look into the whole cert, you'll see the alternative names aswell.
Yes indeed, in the server /etc/letsencrypt/live/mail.domaineAA.nl there are alternative names, but not the same I get with https://www.sslcheck.nl. They are different? They should be the same.......So I think the sever dit not receive the latest updated ssl certificate.
Make sure you are using the correct hostname and that postfix & dovecot are restarted. You can also check with a service like https://www.checktls.com/TestReceiver (enter a domain that has mail.domainaa.nl as MX record, and see the listed hostnames)
When I look into the website mail.AAA.nl mail.BBB.nl mail.CCC.nl, the LE-certificates shows me DNS: mail.AAA.nl DNS: mail:BBB.nl DNS:mail.CCC.nl on all websites. That is correct. When I check mail.AAA.nl with https://www.checktls.com/TestReceiver I find DNS: mail.AAA.nl DNS:BBB.nl DNS:CCC.nl This match When I check mail.BBB.nl with https://www.checktls.com/TestReceiver I find DNS: mail.AAA.nl DNS:BBB.nl DNS:CCC.nl. Not match When I check mail.CCC.nl with https://www.checktls.com/TestReceiver I find DNS: mail.AAA.nl DNS:BBB.nl DNS:CCC.nl Not match So the website LE certificate is not the same as the STARTLS certificate? I suppose that they should be identical. But why not. (Postfix and Dovecot are restarted)
STARTTLS is a form of encryption. can you share your domain name, eventually through a PM, so I can check it?
You posted on my profile, which is public, so I have removed it and sent you a PM with the valid hostnames.