Using a different host for the domain name other than root or www to access webmail


Is there a way to set up the box for access so that, for example, mail.[domainname].com/mail is used instead of www.[domainname].com/mail or [domainname].com/mail? Both the root domain and www are currently being pointed to another box for a website, and I would like to be able to set up an alternate A record for the access of webmail. I can manually set up the external DNS to point to MIAB, but then how would I set up the certificate and Let’s Encrypt so that the webmail can be accessed via HTTPS?


I agree with the frustration.
Having spent some time trying to convince myself MIAB is the way forward I have finally found the gotcha that stops me moving forward.

However I think the problem is that although could be set up for letsencrypt to verify it via http, it would be verifying not (www.), and since mail for the domain is rather than it still needs to verify (www.)

I am using getssl to automate my cert renewals with letsencrypt. Since it is all done with shell script, it is quite simple to tailor. It has facilities to verify via remote web servers and via dns.

Clearly you wouldn’t want to manually set up certs on MIAB if the certs run out every 3 months.

So we need to know how to automatically renew a certificate from a remote machine. I think?!

I’m not sure that’s the problem…

It would be great if I can set up a certificate for mail.[domainname].com, and I can if I SSH into the box and get a certificate manually, and I can even set up autorenew via cron, but I would have to manually set up a nginx conf file for the new domain, which would subsequently be overwritten on an MIAB update.

I think given that mail and web servers are often on different boxes, and that the root. and www. are often in use for other purposes than for accessing webmail, there should be a feature to allow the setting of the name (and alias) of the url to access webmail, and the ability to set up a certificate based on the same url so that webmail can be accessed via https.

Maybe we are talking at cross purposes.
I can make it work if the mail address is a subdomain, by delegating the subdomain to MIAB dns.
But you don’t really want to have your mailaddress as do you?

Webmail isn’t a factor, as to access the MIAB, any domain could be made to point to the MIAB server. Once there, the login credentials are not dependent on dns.

The crucial point is when obtaining or renewing an ssl certificate, the letsencrypt acme server needs a response to a challenge to the domain(s) in question, and this is usually done via http, to prove the requester truly has control of the domain. It can be done over dns but I’ve not tried this and MIAB doesn’t use it AFAIK.

I tried the MIAB manual install of the certificate copied from my webserver, but it objects saying the ‘wrong private key’. So now I’m wondering whether to use the MIAB private key (I think the same one is used for all MIAB domains) to get Certs for my websites, and whether this would open up a door of opportunity.

At the moment I am still trying to fathom how MIAB manages certs for multiple domains, and how it segregates the management of manually and automatically provisioned certificates.

What do you think?!
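
The challenge mechanics described in the post above, as an added example that is not part of the original thread or of Mail-in-a-Box: it computes the HTTP-01 and DNS-01 responses as specified in RFC 8555 and models which names a box can validate when the root and www A records point at a different machine. The account key, token, addresses and the `usable_methods` helper are constructed for illustration.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: hash only the required members, sorted, with no whitespace.
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    # RFC 8555 section 8.1: the CA's token bound to the requester's account key.
    return f"{token}.{jwk_thumbprint(jwk)}"

def http01(domain, token, jwk):
    # The CA fetches this URL on port 80 of whatever host the name resolves to.
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    return url, key_authorization(token, jwk)

def dns01(domain, token, jwk):
    # The CA looks up this TXT record instead; no web server is involved.
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)

def usable_methods(names, a_records, requester_ip, controls_dns):
    # Simplified model: ignores redirects or proxying of the challenge path.
    result = {}
    for name in names:
        methods = ["http-01"] if a_records.get(name) == requester_ip else []
        if controls_dns:
            methods.append("dns-01")
        result[name] = methods
    return result

# Constructed sample data (not a real key, token, or address plan).
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-not-a-real-key"}
TOKEN = "constructed-token-0123456789"
A_RECORDS = {"example.com": "203.0.113.10", "www.example.com": "203.0.113.10",
             "mail.example.com": "203.0.113.25"}  # .10 = web box, .25 = mail box

if __name__ == "__main__":
    print(usable_methods(A_RECORDS, A_RECORDS, "203.0.113.25", controls_dns=False))
    print(http01("mail.example.com", TOKEN, ACCOUNT_JWK))
    print(dns01("example.com", TOKEN, ACCOUNT_JWK))
```

With the constructed records, the mail box can answer HTTP-01 only for `mail.example.com`; the root and www names need DNS-01 or cooperation from the web server that their A records point to.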
