Additional SSL certificates for IMAP and SMTP

i run my own webserver with Nginx, Dovecot and Postfix SSL certificates come from Letsencrypt

The following SSL certificates were created: example.com, www.example.com and mail.example.com

certbot certonly --nginx -d example.com -d www.example.com -d mail.example.com

I use IMAP and SMTP.

Sending and receiving e-mails works great and I don’t get any warnings.

I use mail.example.com only for DNS MX-Record. I use port 993 and 465, everything works fine. The only thing I noticed is that Thunderbird did not recognize the ports immediately, I had to do everything manually.

My questions are: Do I need additional SSL certificates for imap.example.com and smtp.example.com or not and Should I create SSL certificate for mail.example.com is it needed at all?

1 Like

You should have one or more certificates containing the URL’s actually used. So if you have a MX record with mail.example.com, you should have a certificate with mail.example.com in it. If your users type in imap.example.com in their mail client, you should have a certificate with imap.example.com in it. If your users type in smtp.example.com in their mail client, you should have a certificate with smtp.example.com in it.

This can be just one certificate covering all hostnames or you can use separate certificates. One for “web”, one for “email” for example. Really doesn’t matter actually…

Also: if all hostnames resolve to the same IP address, you could also just use mail.example.com for everything. In that case, your users would type mail.example.com in their IMAP configuration and would type in mail.example.com in their SMTP configuration too. Doesn’t really matter if everything is just the same IP address.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.