Email Letsencrypt cert in the name of hostname not virt. server

This used to work fine for 10 domains.
I added a new virtual server and generated a letsencrypt cert.
This works fine on the website as https.
However, email (Outlook and Thunderbird) says that the cert cannot be verified as it is in the name of the hostname domain and not the domain of the virtual server domain.
Virtualmin does not complain and says the cert is in the name of the virtual server.
I am guessing postfix is using its default domain and not the virtual server’s domain.
Any ideas how to fix this?

Does it say that when you’re sending or receiving mail? Do you have shared or private (dedicated) IP for this domain?

Anyway, SNI should be already supported by Postfix 3.4+ and Dovecot 2.x

Have a look at this page:

It says that when sending and receiving.

It is a shared IP but other accounts seem fine.
It also works fine in usermin.
I have not touched that SSL Cert Page contents

Switch to Yes and hit Save.

Thankyou for the suggestion.
I did that and rebooted
Identical result :frowning:

What do you have set under Server Configuration/Email Settings?

Postfix can only ever use one certificate. We generally recommend you use one “central” domain name for email. The most recent version of Postfix (not provided most distributions yet) adds support, but Virtualmin doen’t yet handle it automatically.

Dovecot has support for multiple certs, and I’m pretty sure it’s supported automagically in Virtualmin. But, again, until Postfix supports is broadly, one central mail domain is the most sensible solution.

Okay, did you perhaps put all of those 10 domains to a single SSL certificate?

I just spoke with Jamie and we are talking about adding SNI to Postfix.

Oh, I have completely forgotten to mention, that those 10 domains (that worked) could have been setup with private (dedicated) IP (instead of shared) - in that case per-domain certificate is being set automatically and just works by default in current version of Virtualmin (6.08). I suspect, that probably, it was your case?

I shall look at the ‘working’ domains and see if they are indeed ‘working’.

I set up email for the hostname domain for the purpose of getting ssl mail going on all virtual domains.
I can retrieve mail from using SLL :slight_smile:
However, I can only send via smtp INSECURE. Using any other setting times out.
I have also found a large number of other users’ posts on the same issue in stack overflow, here and other forums. None seem to have a published solution.

@Joe – Can I get verification that SNI in Dovecot is setup to work with Virtualmin controlling the configuration?