Apologies in advance for the slightly OT question.  I've used Postfix since the 
beginning on a relatively small server.  I was thankful when Let's Encrypt made 
it possible for me to automate and have "real" certs vs the pain of having to 
deal with and renew self-signed certs (if that will even work anymore).  

With this latest letsencrypt announcement, is this going to hose my Postfix 
TLS?  I'm far from proficient at the cert business, grateful that it "just 
works" now.  Worried about how this will affect me.

Announcement email today from outre...@letsencrypt.org:
  "
  Ending TLS Client Authentication Certificate Support in 2026

  Let's Encrypt will no longer include the "TLS Client Authentication" Extended 
  Key Usage (EKU) in our certificates beginning in 2026.
  "

Most everything TLS related in my main.cf (let me know if you need to see the 
whole config):

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_cert_file = /etc/letsencrypt/live/[myhostname]/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/[myhostname]/privkey.pem
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
tls_preempt_cipherlist = yes
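
Added example, not part of the original message: the Client Authentication EKU concerns certificates presented in the TLS client role, so one check is to list which main.cf certificate parameters are server-side (smtpd_*) and which are client-side (smtp_*, lmtp_*). The hostname mail.example.org and the second sample are constructed, and master.cf `-o` overrides are not read.

```python
# Certificate parameters from postconf(5), grouped by the TLS role in which
# Postfix presents the certificate.
SERVER_ROLE = {"smtpd_tls_cert_file", "smtpd_tls_eccert_file",
               "smtpd_tls_dcert_file", "smtpd_tls_chain_files"}
CLIENT_ROLE = {"smtp_tls_cert_file", "smtp_tls_eccert_file",
               "smtp_tls_dcert_file", "smtp_tls_chain_files",
               "lmtp_tls_cert_file", "lmtp_tls_chain_files"}

def parse_main_cf(text):
    """Return {parameter: value}; a later definition overrides an earlier one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation of previous line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def cert_roles(text):
    """Group the certificate parameters that are set by TLS role."""
    found = {"server": {}, "client": {}}
    for name, value in parse_main_cf(text).items():
        if not value or value.lower() == "none":  # treated here as "no cert"
            continue
        if name in SERVER_ROLE:
            found["server"][name] = value
        elif name in CLIENT_ROLE:
            found["client"][name] = value
    return found

# The certificate lines from the posted main.cf.
POSTED = """\
smtpd_tls_cert_file = /etc/letsencrypt/live/[myhostname]/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/[myhostname]/privkey.pem
"""
# Constructed sample: the same certificate also configured for outbound use.
WITH_CLIENT = """\
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.org/fullchain.pem
smtp_tls_cert_file =
    /etc/letsencrypt/live/mail.example.org/fullchain.pem
"""
if __name__ == "__main__":
    print(cert_roles(POSTED), cert_roles(WITH_CLIENT), sep="\n")
```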


