I'm somewhat fighting with this issue too at the moment.
The hostname LetsEncrypt-cert seems to be installed properly. Same goes for domains.
I've given certain domains a separate LetsEncrypt-cert as well. This seems to work well for https-browsing, but with emails from the domains, when trying to use the LE-cert for a subdomain like "mail.domain.nl", emails sent from these domains are being rejected because the domain name doesn't match the hostname in the cert.
Testing an email-address ([email protected]) at CheckTLS.com gives this result:
Code:
[001.257] Cert VALIDATED: ok
[001.257] Cert Hostname DOES NOT VERIFY (mail.mydomain.nl != server.hostname.net)
[001.257] So email is encrypted but the host is not verified
So, how does one get this to work properly?
(I think these kinds of things should/could be handled more clearly by DA.
DA could have a table or an extra column in DNS Administration showing which domains have certs installed, and also which subdomains are incorporated into the cert.)
Edit:
Just found out the cert-error is also triggered on domains I haven't installed a separate LE-cert for, so something isn't 'connecting' yet in my setup it seems.
-------
2nd EDIT:
Found out the following:
Service : Domain           --------> Domain in cert hostname --------> Result
Apache  : mydomain.nl      ->        mydomain.nl             ->        Match
Exim    : mail.mydomain.nl ->        server.hostname.net     ->        No match
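Added example, not from this thread or from DirectAdmin: a small Python script that reproduces the CheckTLS check locally, i.e. it validates the chain the mail server presents on STARTTLS and then separately reports whether the cert's DNS names cover the host you connected to. The host names below are the placeholders from the post; `check_starttls` needs network access, the name-matching helpers do not.

```python
import smtplib
import ssl


def cert_dns_names(cert):
    """DNS names a cert is valid for: subjectAltName entries, falling back to
    the subject CN only when the cert has no SAN at all (cert is the dict
    returned by ssl.SSLSocket.getpeercert())."""
    names = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def hostname_matches(hostname, cert_names):
    """True if hostname is covered by one of the cert's names. A wildcard
    ('*.mydomain.nl') covers exactly one label, as in RFC 6125."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def check_starttls(mail_host, port=25, timeout=10):
    """Connect to mail_host (assumed hostname, e.g. mail.mydomain.nl), do
    STARTTLS, validate the chain against the system CA store, then report
    whether the presented cert covers mail_host. Returns (matches, names)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; we compare names ourselves
    smtp = smtplib.SMTP(mail_host, port, timeout=timeout)
    try:
        smtp.ehlo()
        smtp.starttls(context=ctx)  # SNI is set to mail_host by smtplib
        names = cert_dns_names(smtp.sock.getpeercert())
    finally:
        smtp.quit()
    return hostname_matches(mail_host, names), names


if __name__ == "__main__":
    ok, names = check_starttls("mail.mydomain.nl")  # placeholder host from the post
    print("Cert names:", names, "-> host", "verified" if ok else "DOES NOT VERIFY")
```

If Exim hands out the server hostname's cert instead of the domain's, `names` will contain only server.hostname.net and the check reports the same mismatch CheckTLS does; the same function run against the server hostname itself should then report a match.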