We can add up to 100 SANs in one Let's Encrypt SSL certificate. However:
- Postfix doesn't support SNI
- Dovecot support SNI but it would be tedious to add one configuration entry per customer domain
- There are also some mail clients which don't support SNI
The best we can do is something like the following (this is planned for i-MSCP version 1.4.0 with next LetsEncrypt plugin version):
- Set Postfix server hostname with something like: smtp.domain.tld
- Set Ftp server hostname with something like: ftp.domain.tld
- Add the following SANs in the services SSL certificate: ftp.domain.tld, smtp.domain.tld, imap.domain.tld, pop.domain.tld
- Add the following entries in the Dovecot configuration file
Note: Here I presume that a reverse DNS lookup would give smtp.domain.tld.
BTW: The Let's Encrypt CA doesn't support issuance of wildcard SSL certificates but allow you to add up to 100 SANs perl SSL certificate.