Let's Encrypt certs for anything other than domain.com or www.domain.com

Hello,

I want to create a Let’s Encrypt cert for the subdomain mail.domain.com so that mail servers have a valid cert. It did not take it at first, but after creating a ServerAlias mail.domain.com in the Apache conf it worked.

I created the same server alias for hostnameofserver.domain.com but unfortunately the Let’s Encrypt cert fails with 403 or 404. All the DNS records exist.

Any ideas?

I don’t understand why this is. It works on a Debian 7 box but not on my new Debian 8 machine.

Other bugs on Debian 8: Initial setup fails to start MySQL (this is true for all installs from many hosting companies, regardless of ISO image). It works after that for some reason.

Also, when enabling ProFTPD with SSL, ProFTPD will not work at all until you disable the SFTP module and # it out.

Also, enabling SSL with Postfix adds the line:

smtpd_tls_mandatory_protocols = SSLv3, TLSv1

Isn’t this insecure?

I removed it and changed it to:

smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1

This way TLS 1.2 is used.

Also, outgoing mail is not encrypted, only incoming. I added:

smtp_use_tls = yes
smtp_tls_loglevel = 1

The same is true for Dovecot and ProFTPD; it enables SSL in whatever. I think it would be nice to use something like:

https://cipherli.st/

I think the automated SSL enabling and automated Let’s Encrypt certs is the coolest thing ever! But I think it should be a bit more complete out of the box concerning protocols & ciphers.

I managed to get a cert for all subdomains as well as the local hostname by enabling “Default website for IP address?” to Yes.

Now I have one last problem.

Webmin will not take the Let’s Encrypt cert. If I click copy to Webmin, it says it is doing it but nothing happens, the button remains there, and it is still using the self-signed one.
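
An added example (not part of the original post, and not the control panel's or Postfix's own code): a small Python check that evaluates Postfix protocol lists in the include / `!`exclude form quoted in the post, reporting which legacy protocols the server settings still allow and whether outgoing TLS is enabled. The function names and sample fragments are constructed for illustration; the `>=TLSv1.2` form accepted by newer Postfix releases is not handled.

```python
import re

KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()  # a later setting of the same name wins
    return params

def enabled_protocols(value):
    """Plain names form an allow-list; !names are removed. Only exclusions means 'all others'."""
    tokens = [t for t in re.split(r"[\s,:]+", value) if t]
    include = [t for t in tokens if not t.startswith("!")]
    exclude = {t[1:] for t in tokens if t.startswith("!")}
    return [p for p in KNOWN if p in (include or KNOWN) and p not in exclude]

def audit(text):
    """List findings for the server protocol lists and for outgoing (client) TLS."""
    params, findings = parse_main_cf(text), []
    for name in ("smtpd_tls_mandatory_protocols", "smtpd_tls_protocols"):
        if name not in params:
            findings.append(f"{name}: not set, built-in default applies")
            continue
        weak = [p for p in enabled_protocols(params[name]) if p in WEAK]
        if weak:
            findings.append(f"{name}: allows {', '.join(weak)}")
    level = params.get("smtp_tls_security_level", "")
    client_tls = level != "none" if level else params.get("smtp_use_tls") == "yes"
    if not client_tls:
        findings.append("smtp client: outgoing TLS not enabled")
    return findings

# Constructed main.cf fragments built from the lines quoted in the post.
BEFORE = "smtpd_tls_mandatory_protocols = SSLv3, TLSv1\n"
AFTER = """\
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_use_tls = yes
"""
```

Call `audit()` on the text of `main.cf`; which of the remaining protocols are actually negotiated still depends on the OpenSSL build Postfix is linked against.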