> > > > The client is trying to TLS with postfix, who has a certificate for > submission.example.com > The client is connected to haproxy.example.com > > haproxy.example.com:587 != crt submission.example.com
You can create a certificate with several domain names. Honestly, I have never tried that for SMTP, but for HTTPS it works. https://knowledge.digicert.com/solution/SO9440.html You can also try to create wildcard cert like "*.mail.mycompany.com" submission.mail.mycompany.com haproxy.mail.mycompany.com