Per-domain certificates in postfix? Where?


Apologies to ask, but I saw in the news information that the latest virtualmin update comes with, quoting: “Per-domain SSL certifcates can now be setup in Postfix, if running version 3.4 or later.”

I do happen to run postfix 3.4.10 on a Debian 10, however I am unable to find where this option might be present in virtualmin…
I’m sorry to ask, but could someone point me in the right direction, please?

I’m not asking without a reason. It’s been more than a month (maybe a lot more, I didn’t try before) that I noticed that the gmail app is unable to send mail for virtualmin-managed domains.
In gmail’s app, sending mail section, if I give the server’s reverse (as mentioned in webmin > servers > postfix > general options > internet hostname) and the proper account’s password, gmails throws a certificate not matching error and refuses to make an exception. And if I give instead mail.domain.tld, it used to work a few months ago, but now it’s not working anymore either, also certificate not matching (and yet, I made sure to include mail.domain.tld to be part of the letsencrypt certificates for that domain).
So, I told myself it might be related to virtualmin. Not sure at all, but who knows, maybe it is.

I’m gonna take a guess and say select the virtual server in Virtualmin, then

Server Configuration -> SSL Certificate -> Service Certificates -> Postfix IP certificate enabled?

Just a guess, mind you. I haven’t tried it yet.


Okay, I just made that change on one domain, and sent and received with no errors using both Thunderbird and K9. Maybe I guessed right for a change.

Per-domain certificates are set automatically. You can keep track of records in Postfix/Certificate Mapping:

You could disable it by setting Postfix IP certificate enabled to No.

In my case, Postfix 2.10.1 had been installed when I installed Virtualmin.

I manually updated Postfix to 3.5.3 and had to update /etc/webmin/postfix/version with the new version number, and restart Webmin, to make the Postfix IP certificate enabled option available. Undoubtedly this was because I updated Postfix outside of Webmin.

Although available, the Postfix IP certificate enabled option was still deselected after I did the above. Manually selecting it through Virtualmin created the map and caused Postfix to use the domain’s certificate, all quite painlessly.

I wish I could say the same of my left bicep, which suffered the indignity of my momentarily believing I was a young man again…


Next Webmin release will have Postfix version number update correctly automatically, after Postfix upgrade.

… all quite painlessly.

Good to know!

I wish I could say the same of my left bicep, which suffered the indignity of my momentarily believing I was a young man again

Get better!

1 Like

Thanks. I tried lifting an entire boxed steel shelving unit by myself at Sam’s Club. Estimated weight about 150 pounds ( about 68 kilos). In my younger days, that would have been easy. Nowadays… not so much.


Offtopic: Sorry, but that might be a well indicator that, perhaps, you body lacks of fresh water intake… Nowadays, people in adulthood take so much other liquids (useless and/or damaging), rather than plain, fresh water. :wink: :green_book:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.