Hi friends I promised to make a professional post server to my friend. So I found and studied Your excellent manual for Debian "Perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1". I made and livened the server with it. The server works in test mode but till now WITHOUT SSL. It works include ISPConfig 126.96.36.199p9. The technical requests received from my friend was these: 1) a professional post server for small internet provider here in Czech Republic - one small town and some villages around. 2) it will work for about 200 people (mailboxes) 3) main domain will be only ONE (name of server = postak.vscom.cz ) ...on this main domain will run the server with all services (ex : ISPConfig, web interface Apache2, Postfix (for TLS connections), Courier and Dovecot (for POP3s and IMAPs), and PureFTPd (for TLS/FTPES). etc. BUT this server will receive the mails for more domains (see example below): domainname2.cz domainname3.cz domainname4.cz ... domainname9.cz 4) connection between the people must be SSL (receiving on the port 995 and sending via 465 or 587) 5) people will use mail Client software OR webmail (Your Roundcube is already works - very nice !) It means: Postfix with other services will receive mail for people mentioned up and put it to the mailboxes on the server. for example: somebody will send a mail to email@example.com and this e-mail will be received via mentioned post server ( postak.vscom.cz ) and placed to the local mailbox on mentioned server. People (customers) will download mails via POP3 protocol the mails from mailboxes to their PC´s and NTB´s (maybe later also via IMAP ...) And the post server (POSTFIX) will send a mail for them, of course ... And my questions are: How to work in this case with SSL certificate ? Because it is only ONE server for all services BUT works (read them) with mails for more domains. Must I have a certificate for more domains OR only for ONE ( main server) ? Moreover: my friend already got from his big internet provider (they have from them some public IP addresses) free of charge a certificate for server "postak.vscom.cz", but it was NOT generated via request directly from this mail server. (format of it is that: PFX (for certificate) and PEM (for private key). Is it sufficient and usable ? And if Yes, how to implement this to the server? As I know, normal system is to generate request (and private key of course) directly from the final server and certificate, received from the certificate authority, put to the server ... Till now post server works on the old Windows mail server, but i must quickly finish my already prepared new Debian server. The only problem is SSL certification.