Mail server, dns, letsencrypt ssl w/ multiple domains - what is the optimal way to configure?


My YunoHost server

Hardware: VPS rented online (Contabo)
YunoHost version: 11.0.9.5
I have access to my server : Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I have set up a new YunoHost server to replace an older server which manually (not YunoHost) hosted services for multiple domains. Specifically I had set up the Modoboa mail system to host email accounts for multiple domains. Now I’ve set up domain-a.de (main domain) and domain-b.de on YunoHost; both are enabled to send and receive emails. I have configured DNS for each domain as suggested by the diagnosis, which includes that each domain uses itself as the MX entry.
When I then set up a user with a mail account on domain-b, I could not connect to this account via IMAP (tested Thunderbird and Apple Mail to connect to domain-b.de as the IMAP server) because they recognize the SSL certificate as coming from domain-a.de. Now I was assuming YunoHost pulls a single Let’s Encrypt certificate which then gets expanded to different domains and sub-domains as you go. That’s how I always did it manually, and that worked with Dovecot and Postfix. Apparently that’s not what happens here. So when I connected to the account via domain-a.de as the mail server, I didn’t get an error and it worked. Is that the intended way this is supposed to work? Because then it would make sense to enter domain-a.de as the MX for all of my domains that are on this YunoHost, despite what the diagnosis suggests. Or is there a way for YunoHost to act as a legitimate encrypted mail server for multiple domains that I have missed?

I did btw see the discussion on multiple domains and how to handle that in SSO and the issue that’s been lying dormant about it. I have no problem using a single domain as the mail server, I just find it odd that YunoHost mail doesn’t seem to do what apparently the web server does do when it comes to LE certificates. Any clarifications or suggestions are appreciated. Thx for reading!
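The name mismatch described in the post above comes from the client comparing the hostname entered as the IMAP server against the DNS names in the certificate the server presents. The following is an added example, not part of the original post and not YunoHost code; the SAN lists are constructed assumptions and the matching is a simplified form of the RFC 6125 rules.

```python
"""Added example: which IMAP hostnames does a presented certificate cover?"""


def name_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125 match: exact name, or '*' as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more or fewer than one label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (rejects "*.de").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, hostname):
    """True if any DNS name in the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def audit(presented_sans, client_hostnames):
    """Map each hostname a client might enter to True (accepted) or False (mismatch)."""
    return {h: cert_covers(presented_sans, h) for h in client_hostnames}


# Constructed sample data (assumed SAN lists, not read from a real server).
MAIN_ONLY_CERT = ["domain-a.de"]                 # server answers IMAP with the main domain's cert
EXPANDED_CERT = ["domain-a.de", "domain-b.de"]   # one cert expanded to cover both domains
CLIENT_HOSTS = ["domain-a.de", "domain-b.de"]    # what a user types as the IMAP server

if __name__ == "__main__":
    for label, sans in (("main-domain cert", MAIN_ONLY_CERT),
                        ("expanded cert", EXPANDED_CERT)):
        for host, ok in audit(sans, CLIENT_HOSTS).items():
            verdict = "ok" if ok else "NAME MISMATCH"
            print(f"{label:17} imap server = {host:12} -> {verdict}")
```
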

Hi there,
I’ve been in the same situation for a couple of years.
It was surprising at first but I am somehow now fine with it.
But now that you talked about it I might start not sleeping again and think about it in loops.
Gosh.
Have a nice day

