Hello, I experienced the same situation a few days ago with version 7482. Like J Lee's comment, I cannot confirm whether with previous versions we should restart the service or not. For years, we had only one certificate on the main domain and we instructed our customers to use this domain name as the server address.

But lately, with the implementation of MAPI and for ease of activation of accounts in client software using Autodiscover such as Outlook, it is preferable to activate certificates on each of the domains. So we started using a Let's encrypt SAN certificate and it has worked very well so far. However, I haven't added other domains since the initial installation a few days ago, so I haven't re-exported the certificate, so I don't know whether to restart Everytime.

On the other hand, if it is the case and that it will be necessary to restart the service following a modification of version of the certificate, that means that each time that we add a domain in our SAN certificate, this will oblige us to make a restart of Smartermail, and this is not desirable, because we will have to do it every night to avoid interrupting the service.

* Note to the Smartertools team: can you confirm that this is the case and that it is completely normal or is it not supposed to be the case?

Thank you Guys!

Update: Tonight, I added additional domain names to our SAN certificate and overwritten the certificate that was already in production. After validation, I did NOT have to restart Smartermail. The new domain names added are functional and respond on secure ports as expected.

I put forward a hypothesis: maybe who if I had to restart Smartermail the first time, it is perhaps that I had passed from a wildcard certificate to a SAN certificate, and which in addition was not from the same certification authority? Note: Before doing this test, I also updated from version 7482 to version 7488.

@J Lee : Did you also change the type of certificate (or certification authority) before being forced to restart Smartermail?

Hi Francis

I switched from *. Wild card to *. Wild card, but change the cert assigned to the port from .cer to .pfx.

Did you export the cert and assign the new cert to each SSL/TLS port?

I didn't think the new Smartermail could use .pfx for port certificates, it always failed when i tried.
Just for everyones info. CertifytheWeb (LetsEncrypt) have an app that you can use to create and deploy the LetsEncrypt certificates and the newest release version will now deply those certificate to IIS, exchange, Apache or just extract and copy the .cer to a folder of your choice making the whole process of IIS domain and port deployment now automatic.

@Karl, we've used a pfx file for many many many years without issues.

Same, we use pfx certs on SmarterMail without issues

A further update to this. If you change any binding in IIS, like adding a new ip and ssl cert to a new domain so MAPI will work in Outlook Desktop. This will take all ports on the server down, and you will need to restart Smartermail Service and boot all your users out, to get the email server back up.

SmarterMail_7488

IIS Ver 8.5.9600.16384