Assuming latest fresh (clean) install of GPL version on CentOS 7:
I am planning to create the virtual server’s hostname (i.e. myserver.domain.com) and enable Apache and SSL site on it. I will then acquire LetsEncrypt SSL for that server and I want to use that certificate also for email services (Dovecot IMAPS+Postfix).
Question: Will the mail services be reloaded (or restarted) when the virtual server automatically renews the LetsEncrypt certificate, or do I need to buy a wildcard SSL?
CentOS 7 does not have a version of Postfix that supports SNI. So, not automatic in the sense that every domain will automatically set up the cert to be used by Postfix. You have to choose which domain will be the TLS domain for Postfix.
I know it will work the first time. What about when the automatic renewal happens? Will Dovecot and Postfix be automatically reloaded with the new cert?
After you do this, let me give you an idea what happens after you set email clients to use the letsencrypt cert…
Email clients will barf all over the place and give people a hard time when it changes. Thunderbird will possibly be left open all night and you will have 100 small windows open asking about the certificate. Androids can handle it by telling it to accept any certificate, iPhones will simply stop working and will have to be fussed with. On and on and on.
I’m pretty sure that shouldn’t happen if your mail client is up to date, and the full chain is being used in Postfix and Dovecot. The signing certificate used by Let’s Encrypt is known by the current version of Thunderbird, as far as I know. If you get a popup when it changes, you have something wrong somewhere…I don’t know where, though.
Have you checked to be sure you have current software (both Virtualmin/Webmin and Thunderbird)? Are you sure the certificate name(s) match the name you are using to contact the server? This isn’t really a thing that should need discussion (but if it does require further discussion, please start a new topic, as it’s unrelated to the original question). It just works. If it doesn’t work, something is wrong. I just tested, and when I renew our certificate, Thunderbird does not give any errors.
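
An added example, not part of any post in this thread and not Virtualmin's own code: one way to check after a renewal whether Dovecot and Postfix are already serving the new certificate is to compare the fingerprint of the certificate file on disk with the one each service presents. The script name, ports 993 and 587, and the certificate path argument are assumptions; the file is assumed to list the leaf certificate first.

```python
import hashlib
import smtplib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def pem_fingerprints(pem_text):
    """SHA-256 of each certificate in a PEM file, in file order (leaf first)."""
    prints = []
    for chunk in pem_text.split(END):
        start = chunk.find(BEGIN)
        if start != -1:
            der = ssl.PEM_cert_to_DER_cert(chunk[start:] + END)
            prints.append(hashlib.sha256(der).hexdigest())
    return prints


def served_der(host, port, starttls=False, timeout=10):
    """Leaf certificate (DER) a service presents. The default context also
    verifies the chain and the host name, so a missing intermediate or a
    name mismatch raises ssl.SSLCertVerificationError here."""
    ctx = ssl.create_default_context()
    if starttls:  # SMTP submission: plaintext greeting, then STARTTLS
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert(binary_form=True)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def stale_services(disk_pem, served):
    """Names in `served` ({name: DER}) whose leaf is not the one on disk."""
    leaf = pem_fingerprints(disk_pem)[0]
    return sorted(name for name, der in served.items()
                  if hashlib.sha256(der).hexdigest() != leaf)


if __name__ == "__main__":
    if len(sys.argv) != 3:  # hypothetical script name; ports below are assumptions
        sys.exit("usage: certcheck.py HOST /path/to/renewed/cert.pem")
    host, cert_path = sys.argv[1], sys.argv[2]
    with open(cert_path) as fh:
        disk_pem = fh.read()
    served = {"dovecot imaps/993": served_der(host, 993),
              "postfix submission/587": served_der(host, 587, starttls=True)}
    stale = stale_services(disk_pem, served)
    print("still serving the old certificate:", ", ".join(stale) or "none")
    sys.exit(1 if stale else 0)
```

A non-zero exit status means at least one service has not picked up the renewed certificate and needs a reload.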