Virtual Server Mail Service Certificate Wrong After Successful LetsEncrypt Renewal


On a working and updated Ubuntu 16.04 server with Virtualmin Pro, I have a virtual server that is used as a private SMTP gateway (for copier machines and the like).

It is not the primary virtual server (domain) and uses the IP address shared with the primary virtual server (domain).

After the initial configuration, including a LetsEncrypt SSL certificate, SMTP mail clients connecting to '' or '' (STARTTLS on ports 25 and 587) were presented with the matching cert and all was well.

However, and I think it happened upon a recent (successful) LetsEncrypt certificate renewal, the cert being presented on ports 25 and 587 (STARTTLS) has changed back to the cert for the primary virtual server (domain) and therefore no longer matches the hostname. The cert being presented on port 443 (SSL) is the newly updated cert and DOES match.

I need LetsEncrypt renewals to work for e-mail services (STARTTLS ports 25 and 587).

Am I doing something wrong? Expecting too much?

Any suggestions for me?

Would using a dedicated public IP address fix this? I'd rather not 'waste' one...

Thanks in advance,




Do you want to have different certs for different domains that clients connect to? If so, you would need a separate IP per domain.
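
To confirm the symptom described in the question after a renewal, the following sketch (an added example, not part of the original thread) fetches the certificate presented on port 443 and, via STARTTLS, on ports 25 and 587, then reports the ports whose certificate does not cover the hostname. The function names and the sample hostnames are assumptions constructed for illustration.

```python
import smtplib, socket, ssl, sys

def tls_context():
    # Validate the chain but skip the built-in hostname check, so a
    # certificate issued for another domain can still be inspected.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def cert_via_starttls(host, port, timeout=10):
    """Certificate presented after STARTTLS on an SMTP port (25, 587)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=tls_context())  # sends SNI for `host`
        return smtp.sock.getpeercert()

def cert_via_tls(host, port=443, timeout=10):
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with tls_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def dns_names(cert):
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covers(cert, hostname):
    # True if a SAN entry matches exactly or as a single-label wildcard.
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n == host or (n.startswith("*.") and n[2:] == parent)
               for n in dns_names(cert))

def mismatched_ports(hostname, certs_by_port):
    return sorted(p for p, c in certs_by_port.items() if not covers(c, hostname))

# Constructed sample mirroring the report: 443 serves the renewed cert,
# 25 and 587 serve the primary domain's cert. Hostnames are placeholders.
SAMPLE_HOST = "smtp.example.net"
SAMPLE = {443: {"subjectAltName": (("DNS", "smtp.example.net"),)},
          25: {"subjectAltName": (("DNS", "primary.example.com"),)},
          587: {"subjectAltName": (("DNS", "primary.example.com"),)}}

if __name__ == "__main__":
    host, certs = SAMPLE_HOST, SAMPLE          # offline default
    if len(sys.argv) > 1:                      # live check: script.py <hostname>
        host = sys.argv[1]
        certs = {443: cert_via_tls(host)}
        certs.update({p: cert_via_starttls(host, p) for p in (25, 587)})
    for port in sorted(certs):
        print(port, dns_names(certs[port]))
    print("mismatch on ports:", mismatched_ports(host, certs))
```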