I would to know how, for a (Postfix) backup email server, Letsencrypt work.
For example, on the backup server just copy the certificates from the main server?
Or is it better install certbot on the backup server and request new? Considering that on the email backup server I would not install Apache…
Then using the certificate for the “main” Postfix server, with a different (set of) FQDN(s) in the certificate than the backup server, won’t work on the backup server, assuming this is also how they are advertised in the MX records.
Then it’s not possible to get the certificate for the backup server issued automatically on the main server.
If the backup server is totally different, i.e., has a different hostname which isn’t present in the certificate for the main server, and has a different IP address (makes sense obviously ;)), most likely you’ll need to get a separate certificate issued for the backup server.
You can use the standalone plugin for that, assuming the firewall of the backup server isn’t blocking incoming TCP port 80 or 443 (using resp. --preferred-challenges http or --preferred-challenges tls-sni).
I’m not sure if I understand the question. What does the “email address” have to do with it? A certificate isn’t bound to an email address, it’s bound to a server on a specific hostname (FQDN).
Also, speaking about an “email client” makes me wonder if we’re talking about the same situation. I assumed, mostly because of lack of information, you were talking about a backup SMTP server in the context of adding a backup server with a lower priority to your list of MX records of your domain name. But now when you’re talking about “email clients”, I’m not sure if we mean the same. I’m also not sure if it would make a difference though, I’m thinking it doesn’t
Yes, I’m talking about this.
Only, I came to doubt if for the Email Client (as Thunderbird) handle two certificates, one for the first email server, and the second for the backup email server, may result problematic. But by your answer, seem to understand I do not have to worry…
E-mail clients such as Thunderbird do not use MX records and therefore won’t directly connect to your main nor backup Postfix server. They will connect to whatever mailserver the user sets the outgoing SMTP server to. That has nothing to do with MX records.
Yes, but Email Client handle certificates for encrypted transmission. Two Email server with two different FQDN equal two different certificates. But I think, from what you say, that there are no problems.