On another forum, someone who knows more about email than i, outlined that the following are options with SSL Certs: In shared scenarios people will either: 1) Use a SSL with SANs to cover all domains 2) Use multiple IPs to handle the traffic (being phased out and no longer really accepted) 3) Use 1 domain name that has a published cert and redirect traffic to that It really depends on what you are trying to accomplish and how much time / money / effort you want to invest If you are trying to setup a shared hosting service, maybe have a look at Plesk or WHM as it will do most of this for you Option 3 above is the model I believe i currently use in Postfix, however, whenever new clients configure their email client apps they get an invalid SSL certificate error. My understanding is that this is always a problem with shared hosting. 1. If I decided to choose option 1, how do I get the existing SSL with SANs to update to automatically add new users to the host SSL with SANs certificate when they sign up for services in ISPConfig? If using a Letsencrypt cert for the Server (i dont know if Letsencrypt actually does this btw), would we have to manually reapply or SSL or the host every time? -can this be automated based on new clients? -Is it achieved via a cron? -What is the procedure for creating a cron that would perform this task for the host SSL? 3. Is SSL with SANs the same as Wildcard, or does Wildcard only apply to subdomains of VPS host fqdn?