So you’re saying that the concept is to turn off the internal cert within Mailcow and use the external certificate already generated for e.g. webmail.mydomain in my external proxy?
I hadn’t considered this. The main concern I have is the updating of the certificate, being that Let’s Encrypt updates every 3 months, I think, and that means a manual copy unless I can find a way of automating it, or perhaps some kind of certificate share. Am I on the right track?
I’m not 100% sure I should care about certificates getting out of date on the SMTP side of things, given that this is just my client to the server, right? All the server-to-server stuff is still 25 for the most part, though I think I read this has moved to an optional negotiation of secure SMTP also, is that right? Perhaps that’s what the importance of the certificate is?
Or perhaps I should send SMTP through the external proxy instead of leaving that part direct.