Not sure what you mean by "second domain" but here's how you'd secure Nginx with Let's Encrypt:
- Open and edit the SSL template file: sudo nano /etc/nginx/templates/ssl.tmpl
Find the following 2 lines:
ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;
Replace them with:
ssl_certificate /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.your-domain.com/privkey.pem;
Save and close the file. Then test nginx configuration and reload:
sudo nginx -t
sudo systemctl reload nginx
You will also need to configure Postfix and Dovecot to use the Let’s Encrypt issued certificate so that desktop mail client won’t display security warning.
Edit the main configuration file of Postfix:
sudo nano /etc/postfix/main.cf
Find the following 3 lines:
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
Replace them with:
smtpd_tls_key_file = /etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.your-domain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.your-domain.com/chain.pem
Save and close the file. Then reload Postfix:
sudo postfix reload
Next, edit the main configuration file of Dovecot:
sudo nano /etc/dovecot/dovecot.conf
Find the following 2 lines:
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key
Replace them with:
ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem
Save and close the file. Then reload dovecot:
sudo dovecot reload
To auto renew certificate, simply open root user’s crontab file:
sudo crontab -e
Then add the following line at the bottom of the file:
@daily letsencrypt renew --quiet && /usr/sbin/postfix reload && /usr/sbin/dovecot reload && systemctl reload nginx