I’m shocked, frankly, that it’s been this many years and there still isn’t a solution for the problem of security for our webmail and mailing list servers on DreamHost. I see posts going back more than a decade about this problem. The lack of progress is stunning, really, considering how critical security is in this day and age, and how many bad actors there are in the world trying to get at our information.
The inability to provide proper, valid security certificates for our lists.* servers is incredibly disturbing. Yeah, they’re using the general DreamHost certificate, but browsers are all implementing increasingly scary warnings for this scenario because it’s so easily manipulated with ill intent.
Given the ease with which we’re able to add certificates from Let’s Encrypt and elsewhere to our sites now (thank you, DreamHost, for supporting Let’s Encrypt!), it should be close to trivial to offer the option to add the same certificate with a wildcard (supported by Let’s Encrypt since March 13, 2018), a specific set of subdomains (using SAN, also supported by LE), or a different certificate entirely, but with the correct domain information, to these mail service domains.
Certainly using a wildcard should make it pretty easy to set these things up; just let us choose whether or not we want a wildcard cert when obtaining a certificate, and then put it on all the subdomains from there out. Using SAN would take a little more setup work but would be nice in that it could be more specific about what subdomains would be covered. For my needs, though, a wildcard cert would be fine (I want all my domains and subdomains to be secured).
Please, please fix this, DreamHost! This madness has gone on long enough!
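The post's two options, a wildcard certificate and a SAN list, cover different host names, and a browser warns whenever the name it connected to is covered by neither. This added example is not part of the original post or any DreamHost tooling. It applies simplified RFC 6125-style matching to three certificates whose names (`example.org`, `mailhost.example`) are constructed placeholders.

```python
# Added example: which host names does each certificate option cover?
# Simplified RFC 6125 matching; all certificate and host names are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one SAN dNSName entry covers the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p_labels[0] == "*":
        # Wildcard must be the whole left-most label and sit below a
        # registrable domain (approximated here as "at least three labels").
        return len(p_labels) > 2 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "l*.example.org" are rejected outright.
    return "*" not in pattern and p_labels == h_labels


def covered(san_list, host):
    """A certificate is valid for a host if any SAN entry matches it."""
    return any(name_matches(p, host) for p in san_list)


# Constructed SAN lists for the three situations the post describes.
CERTS = {
    "provider_shared": ["*.mailhost.example"],          # host's generic cert
    "wildcard":        ["example.org", "*.example.org"],
    "san_specific":    ["example.org", "www.example.org", "lists.example.org"],
}
HOSTS = ["example.org", "lists.example.org",
         "webmail.example.org", "a.lists.example.org"]


def coverage_table():
    """Map each certificate to {host: covered?} for every sample host."""
    return {cert: {h: covered(sans, h) for h in HOSTS}
            for cert, sans in CERTS.items()}


if __name__ == "__main__":
    for cert, row in coverage_table().items():
        for host, ok in row.items():
            print(f"{cert:16} {host:22} {'ok' if ok else 'MISMATCH'}")
```

A wildcard entry covers exactly one label, so the apex domain needs its own SAN entry and names nested two levels deep stay uncovered.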