Exim4 multiple domains letsencrypt

Hi all,

I am struggling to set this up correctly here. Any help will be highly appreciated.

Hestia is installed on a fresh Debian 10 server with default installer.

Server IP: 62.210.129.225
DNS: ns1.joeken.info
Reverse DNS: ns1.joeken.info

I have not changed any of the configuration files for exim4/dovecot yet. Everything is still default from Hestia’s installer.

User1:

Domain1: joeken.info
Domain2: joinedworkspace.eu

Domain1 MX: mail.joeken.info
Domain1 mail A 62.210.129.225

Domain2 MX: mail.joinedworkspace.eu
Domain2 mail A 62.210.129.225

Both domains have ns1.joeken.info and ns2.joeken.info set as their name servers. So Hestia is in charge of serving DNS for both domains.

E-Mail Domains:

When I try to set up email clients (phone/laptop/PC) with the info given below, it comes up with a certificate error as it's serving the certificate for ns1.joeken.info instead of the correct one for mail.domain.tld.

Setup E-Mail address:
Domain1:
image

Domain2:
image

Please, if you could help me solve this issue.

Just checked out mail.joeken.info and all looks good, including starttls on port 587. Have a look at how to verify the shipped SSL certificate: Blog · How to test SMTP servers using the command-line · Halon MTA

Even starttls on IMAP (143) ships the proper Let’s Encrypt cert - all seems to work well from here.

Thanks for your quick reply. I see what is happening here. All the clients did use the auto config with smtp.joeken.info and imap.joeken.info.

Looking good now with the correct details.

Could we prevent the use of smtp.domain and imap.domain or is this something hardcoded in the clients?

This is nothing we can change from our side, it is hardcoded.

I see that there are DNS entries for both domains. Would it not work if we got rid of them?

You can get rid of them and use a valid MX record.

But you will have to tell your clients to connect to XYZ.server.com instead of imap.mydomain.com

I have not done it yet but since I want only one SSL certificate for the server this should be the way to configure and I should erase those options.

Totally agree, would definitely be easier.
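
An added example, not part of any post in this thread: the name check a mail client applies to the certificate it receives, which is why the auto-configured smtp./imap. names failed while mail.joeken.info worked. The SAN lists are constructed assumptions (not read from the real servers), and the function names `host_matches`, `audit_client_names` and `probe_submission` are hypothetical.

```python
import smtplib
import ssl

def host_matches(hostname, san_names):
    """RFC 6125-style check: exact match, or '*' as the whole left-most label."""
    host = hostname.lower().rstrip(".")
    for san in san_names:
        pattern = san.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            # A wildcard covers exactly one label: *.example.org matches
            # a.example.org but not example.org or a.b.example.org.
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False

def audit_client_names(client_hosts, san_names):
    """Map every hostname a mail client may try to whether the cert covers it."""
    return {h: host_matches(h, san_names) for h in client_hosts}

def probe_submission(host, port=587, timeout=10):
    """Live check over STARTTLS with full verification. Returns None if the
    certificate is valid for `host`, otherwise the verification error text."""
    context = ssl.create_default_context()  # verifies chain and hostname
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.starttls(context=context)
        return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message
    finally:
        smtp.close()

# Constructed sample data: assumed SAN lists, not fetched from the servers.
MAIL_CERT_SANS = ["mail.joeken.info"]
HOST_CERT_SANS = ["ns1.joeken.info"]
CLIENT_GUESSES = ["mail.joeken.info", "smtp.joeken.info", "imap.joeken.info"]

if __name__ == "__main__":
    for label, sans in (("mail cert", MAIL_CERT_SANS), ("host cert", HOST_CERT_SANS)):
        for host, ok in audit_client_names(CLIENT_GUESSES, sans).items():
            print(f"{label:9} {host:18} {'ok' if ok else 'MISMATCH'}")
```

`probe_submission` needs network access and is not called by the offline audit; run it against each name the clients are configured with to see which ones the server's certificate actually covers.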
