With HTTP/2, the multiple certs for the same IP couldn't be simpler to implement. However, is there a similar strategy we can use for Email? People can use mail.<mydomain.tld> in their clients for their incoming and outgoing email servers and it works, but the cert doesn't match, and they get warnings. They can log into your email server with mail.yourserver1.com and not have a problem. The problem comes in when you move them from mail.<yourserver1.tld> to mail.<yourserver2.tld> whereas if they had used mail.<mydomain.tld> they wouldn't have to change anything, but they would get the error. Am I missing something or is this still just a bit of a mess?