If you want to make the mailcow and SOGo UI’s also to be reachable via mail.domain2.com etc. then you need to set
ADDITIONAL_SAN
and ADDITIONAL_SERVER_NAMES
according to this:
Also you should create ALL the needed certificates on Traefik as this will be the focal point for Lets Encrypt.
You need to copy those certificates then from Traefik to mailcow according to this: