If I want to use mail on one of my domains (say, example.com), is it necessary to use mail.example.com for my mail domain, or can I use the plain example.com? Up to now, on other panels I have tended to use the plain example.com rather than mail.example.com. For me this has a couple of advantages.
It is a bit simpler when setting up email clients – all my email users’ accounts are set up with only example.com, so having to use mail.example.com requires helping all of them to change their email client settings. If I can keep the mail server as example.com, then no changes are required.
More particularly, I can use a single-domain SSL certificate which I have purchased for both the web server (port 443) and the mail server (ports 587, 995, etc.).
I know that Let’s Encrypt should be a possibility to bypass the SSL issue, but I have so far not been able to get a Let’s Encrypt certificate issued; I keep getting errors with the validation. (I have posted a separate query for that issue.)
Yes, because Hestia only supports mail.example.com and configures Dovecot with that local name; also, if you use Let’s Encrypt, Hestia will issue a certificate for the mail and webmail subdomains.
No, because if you get a wildcard certificate valid for *.example.com and example.com, you can add it to your mail domain and you will be able to connect to Dovecot and Exim using only example.com instead of mail.example.com.
I’m also using Bunny as my DNS server, and I issue my wildcard certificates using acme.sh and the DNS challenge, but as I said, that is not the Hestia way and you will need to create scripts to automate it, etc.
Well, I think that telling your users to use mail.example.com instead of example.com when configuring their email clients shouldn’t be a big deal.
Thank you, @sahsanu, that makes sense. I will stick to the Hestia method. It’s certainly not too much trouble for the users to configure their email clients with the mail subdomain name.
I have now figured out how to get the Let’s Encrypt certificates issued, so I don’t have to rely on purchased SSL certificates and can easily issue as many Let’s Encrypt certificates as I need.
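An added example (not part of the original posts, and not Hestia code) showing which of the hostnames discussed in this thread each kind of certificate covers when a mail client validates the server name. It uses standard one-label wildcard matching; the certificate names and SAN lists are constructed samples.

```python
# Added example: match a hostname against a certificate's dNSName SAN entries
# using the usual TLS wildcard rules (a "*" replaces exactly one leftmost label).
# The SAN lists below are constructed samples, not read from real certificates.

def san_matches(san: str, host: str) -> bool:
    """Return True if a single SAN entry covers the given hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        # "*.example.com" never covers "example.com" or "a.b.example.com".
        return False
    if san_labels[0] == "*":
        # Require at least "*.<domain>.<tld>" and a non-empty leftmost label.
        return (len(san_labels) >= 3 and host_labels[0] != ""
                and san_labels[1:] == host_labels[1:])
    # Partial wildcards such as "m*.example.com" are treated as literals here.
    return san_labels == host_labels


def covered(sans, hosts):
    """Map each hostname to whether any SAN entry in the list covers it."""
    return {h: any(san_matches(s, h) for s in sans) for h in hosts}


# Names a mail client or browser might be configured with in this thread.
HOSTS = ["example.com", "mail.example.com", "webmail.example.com"]

# Constructed SAN lists for the certificate options mentioned in the posts.
CERTS = {
    "single-domain": ["example.com"],
    "wildcard only": ["*.example.com"],
    "wildcard + apex": ["*.example.com", "example.com"],
    "mail + webmail": ["mail.example.com", "webmail.example.com"],
}


def report():
    """Coverage of every hostname for every sample certificate."""
    return {name: covered(sans, HOSTS) for name, sans in CERTS.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:16} {result}")
```

A client set to example.com only validates against a certificate that lists the apex name itself, which is why the wildcard certificate in the answer has to be valid for both *.example.com and example.com.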