We have a virtual server, $DOMAIN, for which LE wants to create an SSL certificate (by default) using the following domains:
This is unusual because the other virtual servers on this server only default to creating an LE cert for $whatever and www.$whatever (i.e., NOT mail.$whatever). No worries, though - I'll just override this with "Domain names listed here" in the LE creation screen and specify only $DOMAIN and www.$DOMAIN.
Now, I've created mail.$DOMAIN as a separate virtual server because I want to set that up with its own site, and create an LE cert to use in Postfix/Dovecot for everyone else to use on the server. All's well.
However, when the LE cert for $DOMAIN and www.$DOMAIN gets auto-renewed, it gets installed into Postfix/Dovecot for mail.$DOMAIN despite the fact that that's not a valid alternate name on the certificate.
I cannot tell where it's getting set that mail.$DOMAIN should be included under "Domains associated with this server" as mail.$DOMAIN is most certainly not associated with the $DOMAIN virtual server (at least, not intentionally!). And I cannot tell why it would possibly be associated with the mail.$DOMAIN settings in Postfix and Dovecot once it's renewed.
This is bizarre enough that I'm not sure I'm even doing a good job of explaining the problem. That said, does anyone have an idea of what might be happening here and how I can prevent further conflicts?
Please let me know if I can elucidate any further.
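One way to detect the mismatch described in the post above before or after a renewal, as an added example that is not part of the original post: check the certificate file against every hostname the mail service is reached under. The function names and the `example.test` hostnames are assumptions, and the certificate is a constructed throwaway built only for the demo.

```shell
#!/bin/sh
# Added example: does a certificate file cover the names a mail service uses?
# All hostnames and the sample certificate below are constructed.

# Return 0 if the certificate in $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Print OK/MISMATCH for each hostname after the cert path; return 1 if any fail.
audit_cert() {
    audit_file=$1
    audit_missing=0
    shift
    for audit_host in "$@"; do
        if cert_covers_host "$audit_file" "$audit_host"; then
            echo "OK       $audit_host"
        else
            echo "MISMATCH $audit_host"
            audit_missing=1
        fi
    done
    return "$audit_missing"
}

# Build a self-signed sample cert. $1 = output dir, $2 = SAN list such as
# "DNS:a.test,DNS:b.test". Needs OpenSSL 1.1.1 or later for -addext.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" -addext "subjectAltName=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo: a cert issued for the web names only, audited against the mail name too.
tmp=$(mktemp -d)
make_sample_cert "$tmp" "DNS:example.test,DNS:www.example.test"
audit_cert "$tmp/cert.pem" example.test www.example.test mail.example.test \
    || echo "certificate does not cover every name it would be served for"
rm -rf "$tmp"
```

On a real server, pass `audit_cert` the certificate file that Postfix or Dovecot is configured to serve, followed by the mail hostname clients connect to; a non-zero exit status means that file should not be in use for that name.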