One certif. for multiple email domains?

I successfully configured my ubuntu 18.04 server for a common certificate for multiple web domains configured for apache2. Nice job from Letsencrypt !
On the same, computer, I run an email server (postfix/dovecot) with again these multiple domains with matching names to serve, using postfixadmin to manage these virtual domains.
I would like to use a certificate (or several ?) to secure these services (imap and pop in secured mode). Shall I use the same certificates that were created for the web services ? I am confused as the common certificate was configured for e.g. and, and not explicitly for Or shall I force the use of these additional domain names at the command line ? (I presently use certbot --apache, which gracefully proposes the list of domains found in the sites-enabled directory.
Thanks for any clue.

1 Like

The certificate used in the mail services needs to include the hostname(s) which are used by the client. I.e., if the user types in their e-mail client for the IMAP server, you’ll need to include in the certificates hostnames. The same goes for SMTP.

That however, is of course a choice you can make. The other option would be to let the users just type in their e-mail client. However, I personally wouldn’t do that, so I also wouldn’t suggest that.

I would suggest using a separate certificate for your e-mail services. I think it should be possible to use the apache authentication plugin by entering the domain names manually on the command line. I just got myself a brand new certificate (sorry Let’s Encrypt, forgot staging…) for a test domain by typing:

certbot certonly -a apache -d

Even though there is no virtualhost for that hostname in my Apache configuration, by only using the apache authenticator in combination with certonly, it did verify my hostname. So this should be possible too:

certbot certonly -a apache -d -d

Of course you’d need to install the certificate manually in Postfix and Dovecot.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.