Topic: iRedMail Letsencrypt Certificate for a second domain added

Hi guys.
I am in need of a second domain added to my mail server.
I have made the required changes in the DNS zone of the second domain, I have added the domain from the Admin area of iRedMail, and I have also created a mailbox for this second domain.
I have tested it using RoundCube and it is working.
I need some help, please, with generating the SSL Certificate from Letsencrypt for this second domain.
As far as I remember from the config for the first domain, iRedMail uses one certificate that is named iRedMail.crt from the SSL Certificates folder and this certificate's key from the Private folder.
Is it OK to just use this second domain as it is? I receive a warning message in Thunderbird when I try to add this mailbox, a warning that is referring to this second domain, and that it is trying to impersonate the first domain.
Is it all good?
Example: domain1.com is the first domain that was added and used while configuring the server. On this domain, let's say that it exists office@domain1.com.
Now I have added domain2.com and created office@domain2.com.
When I try to add office@domain2.com in Thunderbird, that warning pops.
Looking forward to your answers.
Thanks in advance!




Re: iRedMail Letsencrypt Certificate for a second domain added

The mailserver itself can only serve a single cert to identify itself; you need to use the cert that matches the mailserver's HELO name.

For example:

Your mailserver is named: mail.example.com

Your cert needs: example.com mail.example.com

Then your mailserver needs the HELO (hostname) mail.example.com

If you try to auth with the mailserver, you should get exactly that cert and no mismatch anymore.
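
The mismatch discussed in this thread can be reproduced offline. The following is an added example, not part of either post and not iRedMail code: it applies RFC 6125-style name matching to the names a certificate carries and shows which server hostname a mail client can use without a warning. The SAN list is constructed from the thread's domain1.com/domain2.com example, and `fetch_sans` with port 993 (IMAPS) is a hypothetical helper for reading the names from a live server.

```python
import socket
import ssl

# Constructed sample: names on the single cert the server presents.
CONSTRUCTED_SANS = ["domain1.com", "mail.domain1.com"]


def san_matches(hostname: str, san: str) -> bool:
    """Match one dNSName entry against the hostname the client was given."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    # A wildcard counts only as the entire left-most label, never "*.tld".
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def check_client_hostname(hostname: str, cert_sans: list[str]) -> bool:
    """True if a client configured with `hostname` would accept the cert."""
    return any(san_matches(hostname, san) for san in cert_sans)


def fetch_sans(server: str, port: int = 993) -> list[str]:
    """Return the dNSName entries of the cert a live server presents.

    The chain is still validated; only the hostname check is disabled so the
    names of a mismatching cert can be read and compared by hand.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    with socket.create_connection((server, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=server) as tls:
            sans = tls.getpeercert().get("subjectAltName", ())
            return [value for kind, value in sans if kind == "DNS"]


if __name__ == "__main__":
    # Server names a client might be configured with for office@domain2.com.
    for name in ("mail.domain1.com", "mail.domain2.com", "domain2.com"):
        ok = check_client_hostname(name, CONSTRUCTED_SANS)
        print(f"{name:20} {'accepted' if ok else 'MISMATCH warning'}")
```

The mail address domain plays no part in the check; only the server hostname entered in the client is compared against the certificate.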