Have you tried to add the certs to the root store on your phone? I'm not on an iPhone, but that is what I did for Let's Encrypt. And it doesn't seem to always work.

There was a thread I started a while ago on just buying certs. When I get around to it, that is my plan. This Let's Encrypt looks like a problem. 

I had to use the "der" files on the phone.
https://letsencrypt.org/certificates/



From: Steve Jenkins
Sent: Monday, November 14, 2016 6:08 PM
To: postfix users
Subject: Let's Encrypt + Postfix TLS + iOS Mail

I've had TLS working great on my Postfix servers for years, and I recently tried switching one of my boxes to a Let's Encrypt certificate. A Gmail test account using TLS on port 587 works fine, but the iOS mail client complains about the certificate being untrusted. Further digging shows it doesn't like the CA.

I added the fullchain.pem file to the '/etc/postfix/ssl/cacert.pem' I use for 'smtpd_tls_CAfile' but that doesn't fix anything.

Has anyone been able to get an iOS mail client to use a Postfix SMTP server with TLS?

Here are my current (working) TLS-related entries in main.cf:

# postconf -n | grep tls
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may

It breaks (on iOS) if I change the smtpd_tls_cert_file and smtpd_tls_key_file to the Let's Encrypt cert and key.

Thanks,

SteveJ
