multi-site SSL certificates

Jeff Abrahamson jeff at
Mon Apr 2 15:25:51 EEST 2018

I'm handling mail for several domains, let's call them,,
and  I have certificates for each of these domains individually
via certbot (letsencrypt) and nginx is happy with all of that.

Since I initially configured the site to handle mail only for,
my /etc/postfix/ file currently has these two lines:

    smtpd_tls_cert_file = /etc/letsencrypt/live/
    smtpd_tls_key_file = /etc/letsencrypt/live/

But I see that mail test tools are reporting that MX for and are misconfigured due to an SSL name mismatch.  Indeed, this is

So I believe I should generate a multi-site SSL cert.  I try this:

    sudo certbot  certonly  --cert-name postfix  --webroot \
      --webroot-path /var/www/a-com -d -d -d \
      --webroot-path /var/www/b-com -d -d \
      --webroot-path /var/www/c-com -d -d

And that fails with a bunch of errors like this:

    Type:   unauthorized
    Detail: Invalid response from
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>

I see that the file


is being created (and one other file, too) but that nginx reports that
the _directory_


doesn't exist.

Multi-site + letsencrypt + postfix is a subject that has recently
changed quite a bit, so I'm suspecting my web reading is merely
leading me astray.  It is also entirely possible I've misunderstood
things about SSL certificates.  Any pointers how to generate (or point
to) the certificates that I need to make those who contact my postfix
instance happy with their SSL conversation?
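
Added example, not part of the original message: a small Python check of which MX hostnames a certificate's subjectAltName list covers, which is the name comparison the mail test tools above are reporting on. The hostnames and SAN lists are constructed placeholders (a.example, b.example, c.example), since the real domain names do not appear in the post.

```python
# Added example. All hostnames and SAN lists below are constructed placeholders.

def _labels(name):
    """Normalise a DNS name: drop a trailing dot, lower-case, split into labels."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Compare one dNSName SAN entry with a hostname (RFC 6125 style)."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        # Accept a wildcard only as the entire left-most label, and only
        # when at least two labels follow it (so "*.example" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered(mx_hosts, san_names):
    """Return the MX hostnames that no SAN entry matches."""
    return [h for h in mx_hosts
            if not any(san_matches(s, h) for s in san_names)]

# Constructed: SANs of a certificate issued for one site only.
SINGLE_SITE_SANS = ["a.example", "www.a.example", "mail.a.example"]
# Constructed: SANs of one certificate that also names the other sites.
MULTI_SITE_SANS = SINGLE_SITE_SANS + ["mail.b.example", "*.c.example"]
# Constructed: the hostnames the three domains' MX records point at.
MX_HOSTS = ["mail.a.example", "mail.b.example", "mail.c.example"]

if __name__ == "__main__":
    for label, sans in (("single-site", SINGLE_SITE_SANS),
                        ("multi-site", MULTI_SITE_SANS)):
        missing = uncovered(MX_HOSTS, sans)
        print(f"{label}: " + ("all MX names covered" if not missing
                              else "name mismatch for " + ", ".join(missing)))
```
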

