Because I’m also a “Zentyal refugee”, I must refer to another facility that does not exist on NS: Server Certificate Manager.
Zentyal generates certificates for the main domain and also for every virtual domain that you create on the server (email domains in my case).
The certificate issued by NS is only for the main/initial Server name (hostname and domain) and works perfectly.
But in case (my case) that you have other domains (email domains), the certificate is not valid (please see the images below).
"When Let’s Encrypt is enabled, the system will create and automatically renew:
- one certificate for server FQDN
- all enabled server alias will be added as SAN (https://en.wikipedia.org/wiki/SubjectAltName) to the FQDN certificate
- one certificate for each domain enabled inside the certificates database"
If YES, HOW?
What does ***“inside the certificates database”*** mean?
I read what you wrote there but there are two different things (or not?):
- server alias(es)
- each domain enabled inside the certificates database
I thought that it is not about server alias(es) because the virtual domains are not aliases for the main domain (they are not in NS → DNS → Server alias); they are individual/different domains. Or is it really about that and I misunderstand?
In this case, will all email domains created in NS → Email → Domains be “seen” by Let’s Encrypt as “server aliases”, as is written here: “The FQDN certificate can be extended to be valid also for extra domains configured as server alias. This feature is called SubjectAltName (SAN)”, and are all those domains “enabled inside the certificates database”?
EDIT:
Must I also add all email domains in NS → DNS → Server alias, as is written here: “Create a server alias inside the DNS page, then enable Let’s Encrypt on the newly created record.”?
But will this be OK? Will it not generate errors?
Sorry for these questions, but I am trying to learn and understand.
The server is “mail.emailhosting.abt.ro”. On this server, different email domains are hosted which are not aliases for “mail.emailhosting.abt.ro”.
All domains are registered on our external DNS server (ns1.abt.ro) as FQDNs.
I think this will also be useful for web hosting (let’s say “www.webhosting.abt.ro” with many www domains).
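
The situation described in the post above (a certificate valid for the server FQDN but not for the other hosted domains) can be checked by comparing the certificate's SAN entries with the host names clients actually connect to. This is an added example, not part of the original post or of NethServer's code; the certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the `example.org`/`example.net` names and all function names are constructed for illustration.

```python
# Added example: certificate contents and extra domain names are constructed.

def _norm(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")

def san_dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [_norm(v) for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Match one SAN entry against a host name.

    A '*' is honoured only as the entire leftmost label and covers exactly
    one label, so '*.example.net' does not cover 'example.net' itself.
    """
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative: refuse wildcards directly under a top-level label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert, hosts):
    """Return the host names that no SAN entry of the certificate covers."""
    sans = san_dns_names(cert)
    return [h for h in hosts if not any(name_matches(s, h) for s in sans)]

# Constructed sample: certificate issued for the server FQDN only.
FQDN_ONLY = {"subjectAltName": (("DNS", "mail.emailhosting.abt.ro"),)}

# Constructed sample: same certificate after extra names were added as SAN.
WITH_ALIASES = {"subjectAltName": (
    ("DNS", "mail.emailhosting.abt.ro"),
    ("DNS", "mail.example.org"),
    ("DNS", "*.example.net"),
)}

# Names that mail clients of the hosted domains might be configured with.
CLIENT_HOSTS = ["mail.emailhosting.abt.ro", "mail.example.org",
                "imap.example.net", "example.net"]

if __name__ == "__main__":
    for label, cert in (("FQDN only", FQDN_ONLY), ("with aliases", WITH_ALIASES)):
        print(label, "-> not covered:", uncovered(cert, CLIENT_HOSTS))
```

Any name reported as not covered will produce a certificate warning in clients that connect using it.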