I may not be doing this right, or not groking things properly, so if that is the case please advise. I am hosting a number of virtual domains on my Axigen servers and I want to use SSL/TLS connections between my users and their virtual domain server. The trouble I am having comes about because Axigen requires me to use a single certificate issued in the name of my primary domain, for all the SSL connections to all my virtual domains. That causes a warning notification on my users client applications about the usage of a potentially invalid certificate.

This is particularly troublesome when using LetsEncrypt certificates which expire every 90 days, but all SSL certificates used for virtual hosted domains have this issue. So when the certificate is renewed, it leads to all email client applications, using SSL connections on these virtual hosted domains, to posting a dire looking notification telling the user that the certificate being used for that virtual hosted domain does not match that URL of the primary domain in which name the certificate was issued/renewed. Most naive users don't understand this at all and panic when they see these notifications. They have no idea how to handle it or how or whether they even should make an exception to go ahead and use the new certificate.

To solve this, I propose either Axigen allow the association of unique certificates for each virtual domain (and not just for the webmail interface which they currently do), if that is possible, OR to have the Axigen server automatically send out an email notification to all users in a virtual domain, at a specifiable number of days before their domains certificate is scheduled for renewal and/or when it is actually renewed, giving them a heads up and instructions on what to do when they get the warning notification about the new certificate not matching the virtual domain name they are using for their secured emails. (This may also be applicable to the renewal of all certificates regardless of whether they are being used for virtual domains or not, I am not sure how or whether that is handled seamlessly also...)

This would help us Axigen administrators by cutting down on the number of panicked user calls, asking us what they should do!