The wizard at https://certbot.eff.org/ isn’t a web GUI exactly: it provides instructions on how to obtain a certificate using the Certbot software, which you download and install on your server (or, less commonly, on your local PC). It asks what software you’re using so that it can customize the instructions it provides for obtaining and installing the certificate, and setting up automated renewal. Once you have a certificate, you can of course use it for nginx, postfix, dovecot, and anything else that supports it.
Let’s Encrypt doesn’t provide wildcard certificates; however, you can get a single certificate covering up to 100 (sub)domains (also sometimes known as a SAN or UCC certificate), and as many more additional certificates as you need - subject to the rate limits.
I’d suggest trying the nginx instructions first. If you use the
--webroot method, nginx will need to be able to respond to requests on port 80 for the domains you use for postfix and dovecot as well. If that’s not possible for some reason, you might have more luck with
Whatever method you use, Certbot will create a set of symbolic links in
/etc/letsencrypt/live/yourdomainname.com/ pointing to the latest versions of the certificate, private key and intermediate/chain certificate. Assuming you have all three services on the same server, you can then point their configuration at these symbolic links, so that they will always use the latest version of the certificate. Then when you renew the certificate, all you have to do is reload all three services and they should pick up the renewed certificate (and you can automate this too, using Certbot’s
If you actually just wanted a web GUI, the one at https://zerossl.com/ seems popular. It can’t support automated renewals however, so you would have to repeat the process manually at least every three months to avoid expired certificates.