> On Oct 1, 2019, at 12:39 PM, linkcheck <post...@linkcheck.co.uk> wrote:
> 
> Letsencrypt supplies 2 files. I don't think it combines them into a single
> one, though I may be wrong. I know it's possible to combine them on the
> server but the auto-update of the cert then becomes complicated.

That's mostly OK.  You can use two files if you wish; there's a tiny
chance of a Postfix SMTP server reading a mismatched pair of key and
cert during a rollover if you're changing both the cert and the key.

This can be avoided by staging a single file with both, which is
verified to have a matching key and cert before it atomically
replaces the live Postfix key + cert file.

Most users are very unlikely to see the race condition play out
on their system, but it probably happens to *someone* now and then
(law of large numbers and all that...).

-- 
        Viktor.
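
The staging step described in this reply, sketched as an added example; it is not part of the original message and is not Postfix or Let's Encrypt code. The helper name `stage_combined`, the key-first file order, and the use of the `openssl` command-line tool are assumptions of this example.

```shell
#!/bin/sh
# Added example: build one file holding key + certificate chain, verify
# that the key matches the certificate, then rename it over the live file.
# stage_combined is a hypothetical helper; all paths come from the caller.
stage_combined() {
    key=$1; chain=$2; live=$3

    # Create the temp file in the same directory as the live file so the
    # final mv is a rename(2) on one filesystem: readers see either the
    # old complete file or the new complete file, never a mix.
    # mktemp creates the file with mode 0600, which suits a private key.
    tmp=$(mktemp "$(dirname -- "$live")/.stage.XXXXXX") || return 1

    # Assumed layout: private key first, then leaf cert and intermediates.
    if ! cat -- "$key" "$chain" > "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # Check the staged file itself, not the inputs: the public key derived
    # from the private key must equal the one in the first certificate.
    kpub=$(openssl pkey -in "$tmp" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$tmp" -noout -pubkey 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "stage_combined: key/cert mismatch, live file untouched" >&2
        rm -f -- "$tmp"
        return 1
    fi

    # Atomic replace of the live key + cert file.
    mv -f -- "$tmp" "$live"
}

# Stand-alone use: stage.sh KEY CHAIN LIVE
if [ "$#" -eq 3 ]; then
    stage_combined "$@"
fi
```

Run from a certificate renewal hook, a non-zero exit status means the previous live file is still in place and the renewal needs attention.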
