Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Support > Archive > Let's Encrypt and Multiple Domains

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Support  / Archive  /

Let's Encrypt and Multiple Domains

[Wyatt, Martin]
Martin Wyatt
Newbie
Newbie
Posts: 22
Martin Wyatt - 08:42am, Jun 11 2021

Let's Encrypt and Multiple Domains

This has been discussed in the forums before, but my experience is different.

I've successfully used the built-in Let's Encrypt on MDaemon with our domain for years (mail.domain1.com). I recently added a second domain (mail.domain2.com), and as instructed by MDaemon support, included mail.domain2.com in the "Alternate host names" field for the Let's Encrypt Powershell Update.

Technically this works, but it has the negative impact of always reversing the certificate's "Issued to" from the mail.domain1.com to mail.domain2.com. The problem is this causes email from mail.domain1.com to fail with some recipient domains because the certificate doesn't match the sender.

The side issue with this is email users of mail.domain2.com cannot use their own SMTP server (mail.domain2.com) because this causes a certificate security error every time they open Outlook. My workaround has been to change the Outlook SMTP server setting for users of the mail.domain2.com to mail.domain1.com. This eliminates the certificate security warning but is awkward and unprofessional because one entity is using someone else's SMTP server to authenticate.

One solution I've thought of is to use Let's Encrypt only for the primary domain. Additional domains would require me to purchase SSL certificates and install on the server, but I've not attempted this yet because implementing SSL can be confusing.

Does anyone have any suggestions?

  (older msg: 3)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Martin Wyatt - Jun 18, 2021 7:57 am (#4 Total: 5)  

 

Photo of Author
Martin Wyatt
Newbie
Newbie
Posts: 22
Replying to: Arron Caruth (Jun 18, 2021 7:22 am)
when you go to https://mail.domain2.com with your browser and you get a not secure warning, does the browser provide any additional...

Ugh. The cert no longer gives the error. I'm really sorry. I suppose I'm expecting immediate results when I modify the SSL cert with MDaemon/Let's Encrypt. Evidently it takes some time (overnight maybe??) to propagate. True, the cert shows the primary domain, but going to the secondary domain shows SSL Secure.

The lesson I've learned in all this is to:
1. Do not confuse Let's Encrypt with the manual add SSL cert
2. Wait for a few hours for things to level out once an alternate domain is added

It's working properly as you describe. Thanks for putting up with my mistakes!

Arron Caruth - Jun 18, 2021 8:07 am (#5 Total: 5)  

Guest User  

Photo of Author
Posts: 1
No worries, I'm glad it's working for you now. 
 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

On Fri, 18 Jun 2021 07:57:09 -0500, "lists-md-support@mdaemon.com (Martin Wyatt)" <lists-md-support@mdaemon.com> wrote:
Ugh. The cert no longer gives the error. I'm really sorry. I suppose I'm expecting immediate results when I modify the SSL cert with MDaemon/Let's Encrypt. Evidently it takes some time (overnight maybe??) to propagate. True, the cert shows the primary domain, but going to the secondary domain shows SSL Secure.

The lesson I've learned in all this is to:
1. Do not confuse Let's Encrypt with the manual add SSL cert
2. Wait for a few hours for things to level out once an alternate domain is added

It's working properly as you describe. Thanks for putting up with my mistakes!


View/reply at Let's Encrypt and Multiple Domains
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------



  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.