When I change the hostname, the original SSL for ._default_hostname naturally becomes invalid. How can I reapply for Let’s Encrypt for the new hostname?
you could use the method built into webmin to do it
webmin->webmin configuration->ssl encryption->lets encrypt
depending how your server is set up you may have to play with the options a bit most likely you will have to use certbot to request the certificate
If you want to reduce tech support from customers whose domain has an issue (say it has expired) and their email client tells them that it is a problem with the server then use the hostname for incoming server and outgoing server in email clients.
To do that the hostname needs a certificate.
There could be other reasons for a hostname needing a certificate but, for me, this is the most practical one.
So: the customer’s domain has expired and he is using our hostname for incoming and outgoing server. The customer calls and says I am not receiving new mail. We respond with, hold one a minute, oh, your domain has expired. Click this link to renew it.
Versus
Customer’s domain has expired and he is using his domain for incoming and outgoing server. The customer calls and says THE EMAIL SOFTWARE SAYS THERE IS A PROBLEM WITH THE SERVER. We respond with oh, your domain has expired. And the customer says BUT IT SAYS HERE CONTACT THE SERVER ADMINISTRATOR AND THAT IS YOU!!
hostname for incoming server and outgoing server in email clients
I always give the clients there domain name for mail address in there settings, like mail.theredomain.com, I’ve never given out the hostname for that job and the client shouldn’t need to know the hostname. But if you do it that way you do need a certificate.
I can’t see hosting services like godaddy giving the hostname of there servers to do there clients mail.