LE cert with domain.tld for Dovecot flags "Target principal name is incorrect"


#1

Since I’ve exceeded my Renewal Rate (which I don’t know how I did if it’s actually 10 Registrations/IP address per 3 hours) I’m stuck with a certificate for my webserver that does not include the mail subdomain (as per my MX record) or the hostname of the machine (which I actually use in my Outlook client settings).

As I was writing this post, I decided I would try changing my Outlook mail settings to reference my server without the hostname, using just the domain.tld. To my pleasant surprise, it actually worked (no annoying alert message) and my mail is received OK by Gmail without being marked as spam (a good sign).

I have two questions:
1. I’m wondering if there are any other consequences that I haven’t foreseen? (I’m going to set up DKIM next.)
2. Once enough time has gone by I will request a new certificate for my mail server that includes the mail domains of the other shared hosts that I have on my server. Will this work? I know Dovecot is SNI capable. Or should I create individual rules for each mail domain with the associated certificate for that domain?

Cheers
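
An added example, not part of the original post: the name check a TLS client runs against the certificate's dNSName SAN entries, which is why the alert disappears once the client is pointed at domain.tld. The SAN lists and names are constructed, with example.org standing in for domain.tld and "host" for the machine's hostname; matching is simplified to ASCII names with a wildcard only as the whole left-most label.

```python
# Added example: hostname-vs-SAN matching as a TLS client performs it
# (RFC 6125 style, simplified: ASCII DNS names, wildcard only as the
# complete left-most label).

def _labels(name):
    """Normalise a DNS name: drop trailing dot, lower-case, split into labels."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers the name the client connects to."""
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # require at least two literal labels after the wildcard
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def covered(hostname, sans):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)

def audit(client_names, sans):
    """Map each name a mail client may be configured with to covered or not."""
    return {name: covered(name, sans) for name in client_names}

# Constructed sample data (assumptions, not taken from the thread).
WEB_ONLY_SANS = ["example.org", "www.example.org"]
CLIENT_NAMES = ["example.org", "mail.example.org", "host.example.org"]
SHARED_SANS = WEB_ONLY_SANS + [
    "mail.example.org", "host.example.org", "mail.example.net",
]

if __name__ == "__main__":
    for label, sans in (("web-only cert", WEB_ONLY_SANS),
                        ("multi-name cert", SHARED_SANS)):
        print(label)
        for name, ok in audit(CLIENT_NAMES, sans).items():
            print(f"  {name:20} {'ok' if ok else 'name mismatch'}")
```

Running the same audit against the SAN list of a planned certificate shows, before any issuance is spent, whether every name configured in the mail clients is covered.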


#2

That’s just one of the rate limits. For certificates, there’s a rate limit of 5 certificates per 7-day sliding window.