use mail.domain.tld as pop3/imap/smpt server for each domain using Aliasdomains with same ssl cert

Hi, i followed this guide: the perfect debian 10 server with nginx:

1. I have running: Securing ISPConfig 3.1 with a free let's encrypt ssl certificate.
2. I have several domains, dns zones, sites and mail accounts configured.
3. I have read that to use "mail.domain.tld" for each domain the "best/easy" way is creating a aliasdomains for each domain linking to main domain (created in point 1)
4. I have created a aliasdomain like that
   1. domain: mail.domain.tld
   2. parent website: subdomain.vpsdomain.tld
   3. redirect path: blank
   4. auto-subdomain: none
   5. seo redirect: no redirect
   6. don't add to let's encrypt certificate: unchecked
   7. active: checked
5. Problem: Configuring mail account on a client, if i put "mail.domain.tld" i received a certificate error. If i put "subdomain.vpsdomain.tld" run ok
6. Notes:
   1. "subdomain.vpsdomain.tld" is the hostname provided by vps provider.
   2. "domain.tld" has dns record included mx -> mail.domain.tld
   3. is it neccesary create a dns zone for "subdomain.vpsdomain.tld" ?? i havent it

I know that it is not a bug but a concept problem. Any help would be appreciated.

Thank u

 

this is the log (1 warning talking about www):

Code:

LE CERT OUTPUT: Expiry Date: 2020-12-18 09:25:08+00:00 (VALID: 89 days)
LE CERT OUTPUT: Domains: xxx
LE CERT OUTPUT: Serial Number: 3xxxxxxxxxxxxxxxxxxxxxx
LE CERT OUTPUT: Certificate Name: xxx-0001
LE CERT OUTPUT: Found the following matching certs:
LE CERT OUTPUT: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
exec: /optcertbot/venv/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server  acme-v02.xx.xx/directory --rsa-key-size 4096 --email xxx@xxxxx --webroot-map '{"xxxxx":"/usr/local/ispconfig/interface/acme"}'
2020-09-19 12:31
LE version is 1.8.0, so using certificates command
Let's Encrypt SSL Cert domains: --domains xxxx
Create Let's Encrypt SSL Cert for: xxxx
Could not verify domain www.xxxx, so excluding it from letsencrypt request.
Verified domain xxxxx should be reachable for letsencrypt.
safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0

what's the best practices/easy for free? thank u

 

Does www.xxxx exist in name service and does it point to your server?

 

sorry, i cant quote because im new on forum.
@Taleman : i have set subdomain to "none" on website created with hostname because it is not accesible and i wont use it.
@Th0m : SANs: mail.domain.tld and subdomain.vpsdomain.tld

green checks all.
xxx.xxx.net resolves to xx.xxx.xx.xxx
Server Type: xxxx
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate was issued by Let's Encrypt.
The certificate will expire in 88 days. Remind me
The hostname (xxx.xxx.xx) is correctly listed in the certificate.

Note: configuring pop3 in android with mail.domain.tld certicate error is: subject and hostname are not the same

 

/etc/letsencrypt/archive/$(hostname IN_ALL_EVENTS IN_MODIFY ./etc/init.d/le_ispc_pem.sh

 

thank u so much for ur help. it works!
when i have opened incrontab -e file show that:

Code:

"/etc/letsencrypt/archive/$(hostname     IN_ALL_EVENTS   IN_MODIFY ./etc/init.d/le_ispc_pem.sh"

i had put this line instead (removed hostname and IN_ALL_EVENTS):

Code:

/etc/letsencrypt/archive/subdomain.vpsdomain.tld/   IN_MODIFY       ./etc/init.d/le_ispc_pem.sh

then, i execute /etc/init.d/le_ispc_pem.sh and all ok.

@Th0m, u had talked that this is not a good practice. Could u give me an approach of best practice to learn?

thank u so much!

 

I got automail working with Thunderbird, but not with any other e-mail client I tried. Does your setup work with most e-mail clients? How is it done?