I installed Virtualmin using the install script on a virtual server with Ubuntu 18.04 I originally installed on LEMP (-b LEMP), but I reinstalled with Apache (LAMP, no arguments added to the install command). I’ll explain why later. The FQDN I used was rpaserver1.com.
After installing, I created 2 virtual servers: rpaserver1.com and second_domain.com (not the actual name). For both of them, in enabled features, I UNCHECKED Setup DNS zone and checked Setup SSL website too. The other boxes I didn’t change.
For DNS I use Cloudflare. I’m attaching a screenshot of the DNS records for rpaserver1.com. The other domain’s DNS is essentially the same. Sorry, I can't see how to attach files.
After creating the domains, I then setup Let’s Encrypt certificates for each. For each the “Domains associated with this server” are the domain, www and mail. At this point I should explain that I switched from nginx (LEMP) to Apache (LAMP) because when I used nginx, only the domain and the www domains appeared here-NO mail domain.
I indicated 2 months between renewals and requested the certificates. This was successful.
I then created an e-mail account on each domain: email@example.com. I use Thunderbird and set both of these accounts up in Thunderbird. In this setup, incoming mail settings are mail.domain.tld on port 995. Outgoing settings are mail.domain.tld on port 465.
The e-mail works, but not the certification process. When I check e-mail or send e-mail, I get an “Add security exception” window that allows me to add an exception. Adding the exception allows the e-mail to finish (send or receive) properly.
The “Add security exception” window has an option to see the certificate received. I’m attaching a screenshot for both. Note that the “Issued To” and “Issued By” fields are ALMOST identical in both: “rpaserver1.com”. But the rpaserver1.com certificate has”.” before the domain. The certificate for the other domain doesn’t have the “,”, but it uses the same domain, rpaserver1.com, not the domain of the e-mail. And neither indicates mail.domain.tld.
What do I need to do to get the certification process working properly for my e-mail?