Server Ubuntu 16.04 Apache + ISPConfig 3.1.1p1 installed according to the Perfect Server tutorial perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig I have a development server (see above) with FQDN like server2.example.com. I set up a website in ISPConfig for [www.]example.com and checked the SSL and Let's Encrypt checkboxes. This worked as expected: it installed an LE certificate package (.crt, .key, .bundle symlinks) for example.com and alternate name www.example.com, and the site works fine with https. I then created a 'Subdomain for website' – server2.example.com – and that hostname was automatically added to the original certificate, again as expected. So far, so good. I then created a 'Subdomain (Vhost)' – dev.example.com – and set up a website on it. This time LE created a new certificate package for dev.example.com, which was not what I expected, but the website seemed to work fine with https (showing the green padlock) so I assumed that this behaviour was by design. However, when I tested the domain with the Qualys SSL Server Test I found that the second certificate, for dev.example.com, was marked No SNI and produced two errors: Common names dev.example.com MISMATCH Trusted No NOT TRUSTED Everything else was the same as the first certificate, which showed no errors and was marked as TRUSTED. So, I have some questions:  Was the creation of a second certificate for the Vhost subdomain correct, or is it a bug?  Given that the dev.example.com website seems to be working fine, and the certificate is accepted, should I worry about the errors detected by the SSL Server Test?  Is there any way within ISPConfig of telling Let's Encrypt in advance, i.e. before creating the main domain certificate, what subdomains I will need, so that they can all be included in the certificate? Thanks in advance for your help.