> Using certbot (with a validation method that works with auto renew) i > can create a certificate on the backend.exmample.com server and tell > certbot the certificate will be for submission.example.com even though > submission.example.com will not resolve to the server im running certbot > on? >
I believe here is an answer: Viktor: [quote] No you just have to *also proxy port 443* as well as 587, and then Let's Encrypt will issue a certificate for submission.example.com to (one of the) underlying servers. [/quote] Letsencrypt will connect to the "submission" but request would go to the "backend"