Subject Alternate Name for ISPConfig Server (+LE certs)

Discussion in 'Server Operation' started by andyschmid, Mar 16, 2022.

  1. andyschmid

    andyschmid New Member

    You have done an amazing job with the automatically created LE certs for the server and all the sites setup. This is really so helpful!

    I do have a question regarding the server hostname and potentially getting an automated LE for a subject alternate name:
    I have set up ISPConfig and used a FQDN for the server: This of course creates the LE certificate for My primary domain is and that's what I host as a website. is just a "service" domain that is NOT hosted on the server and is just used for other DNS related configs, e.g. pointing to the webserver.

    Now as described in other posts for Mail when you set up your clients you should not use something like "", on your hosted domain, because that redirects to, in my case, as the underlying server name and this throws an encryption error. So to solve this you use in your mail client configuration.
    Now this all works but it would be nice if I could use something more mail related for client configuration, for example or and

    Question: Is there a possibility to define a subject alternate name for the ISPConfig FQDN name so the Let's Encrypt certs for these get automatically created?

    Note: I realize I can manually edit the /root/ file and put the desired subject alternate names in there, but I am not sure if this gets overwritten again, or is this safe to do?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. andyschmid

    andyschmid New Member

    Thank you. I saw that thread earlier but I somehow had in the back of my mind that you shouldn't host the domain that you're using for your server as a hosted domain on that same server. That's why I have a separate domain,, instead of
    But anyway if that's the way you work around this I'll do that, no issue.

    Out of interest: Can you manually change anything in the /root/<domain>/<domain.conf> files or does that get overwritten?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not about the domain, it's about the exact subdomain match. The hostname of a server shall be a subdomain anyway and you should not use e.g. as hostname when you want to have a website, instead, you use e.g. as hostname, and then that's perfectly fine.

    I have not tried that, might get overwritten by updates or a new cert might get generated when there is no exact matching cert.
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Yes, to my knowledge you definitely can change the renewal conf.

    Whether it may or may not be overwritten will depend on what you do.

    If, for example, you force create new LE certs for that domain, it will rewrite it using the new parameters that you use; however, if you simply renew the certs, it will use the parameters in it and won't overwrite it.

    The best is for you to test this yourself as my notes may not be up-to-date or may be lacking some empirical evidence. :rolleyes:
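
Added example, not part of any post in this thread: one way to run the test suggested above is to check, after each renewal, whether the server certificate still covers every hostname the mail clients are configured with. The `example.net`/`example.com` names, the function names and the throwaway self-signed certificate (standing in for the Let's Encrypt one) are all constructed for illustration.

```shell
#!/bin/sh
# Added example: names and the throwaway certificate are constructed.

# make_test_cert DIR CN SAN... -> self-signed test cert at DIR/cert.pem
make_test_cert() {
    dir=$1; cn=$2; shift 2
    sans=""
    for n in "$@"; do sans="${sans:+$sans,}DNS:$n"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=$cn" -addext "subjectAltName=$sans" 2>/dev/null
}

# cert_covers CERT HOST -> exit 0 if the certificate is valid for HOST
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# uncovered_names CERT HOST... -> prints every HOST the cert does NOT cover
uncovered_names() {
    cert=$1; shift
    for h in "$@"; do
        cert_covers "$cert" "$h" || printf '%s\n' "$h"
    done
}

tmp=$(mktemp -d)
# Constructed case: server FQDN plus two mail-related alternate names.
make_test_cert "$tmp" server1.example.net \
    server1.example.net mail.example.net smtp.example.net

# A client pointed at a hosted domain's own name is reported as uncovered,
# which is the mismatch that produces the encryption error in mail clients.
uncovered_names "$tmp/cert.pem" \
    server1.example.net mail.example.net mail.example.com
```

Against a real server, point `uncovered_names` at the certificate file the mail services actually load and run it once after a plain renewal and once after a forced re-issue; any name it prints has dropped out of the certificate.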
