I’ve got a LE-issued certificate on a webserver and I mostly understand the procedure for creating and renewing a certificate on a host where a webserver is running all the time. But I’m not sure how to manage a cert for a dedicated mail server, one that didn’t necessarily have a webserver.
As I understand it, the web-based challenge assumes that the CA will contact the hostname specified in the certificate request. This seems to indicate that a webserver must be running on the host that needs the cert, at least temporarily. For renewals, I’m not sure if the challenge is issued again. Can you guys confirm or refute these specific assumptions and maybe point to some guidance on how one would manage the certificates on a mail server?