On Sat, 2019-09-21 at 16:13 +0200, Matus UHLAR - fantomas wrote:
> with letsencrypt (and most other certificate authorities), servers need to
> provide intermediate certificate in addition to their own cert.
>
> postfix does not have separate configuration directive for CA chain file (as
> apache, proftpd and many other servers have, so you must append certificate
> chain file(s) to certificate file provided with smtpd_tls_cert_file or
> smtpd_tls_chain_files (since 3.4).

Wait, what? This works perfectly fine for me on debian:

smtpd_tls_key_file=/etc/letsencrypt/live/smtp.domainmail.net/privkey.pem
smtpd_tls_cert_file=/etc/letsencrypt/live/smtp.domainmail.net/cert.pem
smtpd_tls_CAfile=/etc/letsencrypt/live/smtp.domainmail.net/fullchain.pem
smtpd_tls_CApath=/etc/ssl/certs/

-Jim P.
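
A check for the layout the quoted message describes, where chain certificates are appended to the file named by smtpd_tls_cert_file. This is an added example, not part of either e-mail: it inspects only that one file, assumes single-line main.cf settings, and its demo uses constructed placeholder PEM blocks.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the file that a Postfix
# main.cf names in smtpd_tls_cert_file and report whether chain
# certificates are appended to it.

# Print the value of parameter $2 in main.cf file $1 (last setting wins).
# Assumption: single-line "name = value"; no continuation lines or $vars.
param_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Count PEM certificate blocks in file $1 (grep exits 1 on zero matches).
cert_count() {
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Prints: unset | missing | empty | leaf-only | chain:N
# Exit status 0 only when the file holds the leaf plus at least one more cert.
check_cert_file() {
    f=$(param_value "$1" smtpd_tls_cert_file)
    [ -n "$f" ] || { echo unset; return 1; }
    [ -r "$f" ] || { echo missing; return 1; }
    n=$(cert_count "$f")
    case $n in
        0) echo empty; return 1 ;;
        1) echo leaf-only; return 1 ;;
        *) echo "chain:$n"; return 0 ;;
    esac
}

# Constructed sample: placeholder PEM blocks, not real certificates.
demo() {
    d=$(mktemp -d) || return 1
    blk() { printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE-----'; }
    blk > "$d/cert.pem"
    { blk; blk; } > "$d/fullchain.pem"
    echo "smtpd_tls_cert_file=$d/cert.pem" > "$d/a.cf"
    echo "smtpd_tls_cert_file = $d/fullchain.pem" > "$d/b.cf"
    check_cert_file "$d/a.cf" || true
    check_cert_file "$d/b.cf" || true
    rm -rf "$d"
}

if [ $# -gt 0 ]; then check_cert_file "$1"; else demo; fi
```

Run with the path to a main.cf as the only argument; with no argument it runs the constructed demo.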