Exim4 multiple domains letsencrypt

Hi all,

i am struggling to set this up correctly here. Any help will be highly appreciated.

Hestia is installed on a fresh Debian 10 server with default installer.

Server IP:
DNS: ns1.joeken.info
Reverse DNS: ns1.joeken.info

I have not changed any of the configuration files for exim4/dovecot yet. Everything is still default from Hestia’s installer.


Domain1: joeken.info
Domain2: joinedworkspace.eu

Domain1 MX: mail.joeken.info
Domain1 mail A

Domain2 MX: mail.joinedworkspace.eu
Domain2 mail A

Both domains have ns1.joeken.info and ns2.joeken.info set as their name servers. So Hestia is in charge to server DNS for both domains.

E-Mail Domains:

When i try to set up email clients (phone/laptop/pc) with the below given info, it comes up with a certificate error as its serving the certificate for ns1.joeken.info instead of the correct one for mail.domain.tld.

Setup E-Mail address:


Please, if you could help me solve this issue.

Just checked out mail.joeken.info and all looks good, including starttls on port 587. Have a look how to verify the shiped ssl certificate: Blog · How to test SMTP servers using the command-line · Halon MTA

Even startssl on imap (143) ships the propper let’s encrypt cert - all seems to work well form here.

Thanks for your quick reply. I see what is happening here. All the clients did use the auto config with smtp.joeken.info and imap.joeken.info.

Looking good now with the correct details.

Could we prevent the use of smtp.domain and imap.domain or is this something hardcoded in the clients?

This is nothing we can change from our side, is hardcoded :slight_smile:.

i see that there is dns entries for both domains. would it not work if we would get rid of them?

You can get rid of them and use a valid MX record.

But you will have to tell your clients to conect to XYZ.server.com instead of imap.mydomain.com

I have not done it yet but since I want only one SSL certificate for the server this should be the way to configure and I should erase those options.

Totally agree, would definitely be easier.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.