webmail access from other domain

We have a multiserver, centos7.5 running nginx.
We have https://main.domain:8081/webmail which redirects to roudcube all working with the main.domain currectly.
On a secondary domain if I try https://secondary.domain:8081/webmail it complains as the SSL certificate is for the main.domain.
Is there a way to handle have a cert for the secondary domain as well ?
I was playing with web aliasdomain and having a webmail.secondary.domain redirect to the first which does work but I'd prefer to hide the main.domain:47081 when running from the secondary.domain.
Any ideas on solving this aspect ?

 

I'm not sure I'm getting your point as I have never used a dedicated port to access webmail - it's always https://mailserver.domain/webmail/ for my users. Anyway, I've found in order to properly secure the web access, the easiest way is to create a "website" (even an empty one) with the mailserver's domain name and enable LetsEncrypt. The alias /webmail/ will automatically inherit the certificate.
Now, if you want to use secondary domain names (like any customers' domain, e.g. https://customer.domain/webmail/ ) you can either add the alias domain to the mailserver's "website" and re-generate the LetsEncrypt certificate so it includes the alias domain(s), or - on a combined mail and web server - just enable LetsEncrypt for the customer anyway as in that case the webmail alias will again inherit the certificate.
Just btw. I am still trying to figure out if it will be safe to use the mailserver's domain certificate (the LetsEncrypt generated one) as SMTP/POP3/IMAP certificate also - would save the hassle of having to renew that one manually every year.

 

That does work. I do that both on host that runs both websites and e-mail, and another setup with a separate e-mail server. @ahrasis wrote a very good howto with helpful scripts.

 

You must create certificate for every domain you want to use with https. A certificate can include aliasdomains.
Like @Steinbruch I wonder why you want to use port numbers?

 

Thanks for your ideas guys.
The port 8080 is simply the default port on installation if ispconfig and hence why its being used.
Interesting that you both run it on 80 I assume, this is the apps.vhost.
We do already run a single mail.client.domain as suggested, I assume for your SSL you are adding ISPConfig subdomain entries for each of your sites to allow the main cert to contains all domains.
My goal was just to make a clean url either alias or subdomain for each client domain which is easier to remember than the port numbers. Since it was the default I was thinking that was how everyone ran it.
I was trying to use an alias with a proxy and directive to hide the ugly url.

 

thanks till, was thinking it was the default like indicated in the multiserver tutorials e.g. ISPConfig Port [8080].

php -q install.php

Select language (en,de) [en]: <-- en
Installation mode (standard,expert) [standard]: <-- expert
Full qualified hostname (FQDN) of the server, eg server2.domain.tld [web.example.tld]: <-- web.example.tld
MySQL server hostname [localhost]: <-- localhost
MySQL root username [root]: <-- root
MySQL root password []: <-- Enter your MySQL root password here
MySQL database to create [dbispconfig]: <-- dbispconfig
MySQL charset [utf8]: <-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- n
Configure Mail (y,n) [y]: <-- n
Configure Jailkit (y,n) [y]: <-- y
Configure FTP Server (y,n) [y]: <-- y
Configure DNS Server (y,n) [y]: <-- n
Configure Apache Server (y,n) [y]: <-- y
Configure Firewall Server (y,n) [y]: <--y
Install ISPConfig Web-Interface (y,n) [y]: <--y
ISPConfig Port [8080]: <-- 8080

 

Yes true, clearly doing too many things at once.
The 8081 port is defined in the apps.vhost section of the ISPConfig page.
I think I had tried changing the apps.vhost file manually but nginx was complaining on startup with server_name from memory.