On Fri, Jan 22, 2021 at 12:00:25AM +0100, Pau Peris wrote:
> I'm running the following command which shows the content of the
> expired certificate but I'm getting crazy finding the certificate even
> when I have the content of it. For sure it's not in /etc, ...
Postfix loads certificates exactly from where the configuration file
says they are to be loaded from. Since (barring misconfiguration)
Postfix SMTP server processes run only for a limited time before
exiting, stale certificates no longer at the configured location are not
an issue.
This may, or may not be in /etc/, and you search through /etc/ may
or may not be performed correctly. The places to look are the
places mentioned in main.cf, not brute force searches throught
the file system.
http://www.postfix.org/DEBUG_README.html#mail
> openssl s_client -starttls smtp -showcerts -connect we.webeloping.es:587
> -servername we.webeloping.es
Yep, the leaf certificate is expired:
subject=CN = webeloping.es
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
notBefore=Oct 4 21:47:07 2020 GMT
notAfter=Jan 2 21:47:07 2021 GMT
-----BEGIN CERTIFICATE-----
MIIIpTCCB42gAwIBAgISBNq8AcDQ9eonDq3bUFDfFOmYMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDEwMDQyMTQ3MDdaFw0y
MTAxMDIyMTQ3MDdaMBgxFjAUBgNVBAMTDXdlYmVsb3BpbmcuZXMwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB0HMHiLjY5t6Tpr4gdwZ36wccwoIDV4f3
q6J3n7k8w6bzLetYb7NO6wYwrnHJiqvtiTQebdb+P5H20KvnlPsSBKNTxvbF3JHm
vBDYSG+EvuGW5jmcWRFfchboNuRVD2q4vIUHTDVBiX59WvVbOYzz9iMi786iW6+R
Q77M5EC7k3lcLnvSACUMcMNgFsymmA041MLjJpGL6MQo6tTDgJyJEnM4dlFa9O/a
fmuP4qe3DKUbcPFMQzpbfY7XBupLbNKeEO1J25jhq92sVdE4os1hhUWKDYh5X1of
2xHNk0S4z+mHMShGvXNMHG/Ev0myzyHPfT20OYxcTXJ7rzSZ7fh1AgMBAAGjggW1
MIIFsTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJEGMy7c95BkgFKM0XzJNHAsbgcr
MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMw
YTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9y
ZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wggNoBgNVHREEggNfMIIDW4IWYm9iYnl3cC53ZWJlbG9waW5nLmNvbYIVYm9i
Ynl3cC53ZWJlbG9waW5nLmVzghRjbG91ZC53ZWJlbG9waW5nLmNvbYITY2xvdWQu
d2ViZWxvcGluZy5lc4ITZGVtby53ZWJlbG9waW5nLmNvbYISZGVtby53ZWJlbG9w
aW5nLmVzghRkcml2ZS53ZWJlbG9waW5nLmNvbYITZHJpdmUud2ViZWxvcGluZy5l
c4ITaW1hcC53ZWJlbG9waW5nLmNvbYISaW1hcC53ZWJlbG9waW5nLmVzghBtLndl
YmVsb3BpbmcuY29tgg9tLndlYmVsb3BpbmcuZXOCEW0yLndlYmVsb3BpbmcuY29t
ghBtMi53ZWJlbG9waW5nLmVzghNtYWlsLndlYmVsb3BpbmcuY29tghJtYWlsLndl
YmVsb3BpbmcuZXOCF21haWxwaWxlLndlYmVsb3BpbmcuY29tghZtYWlscGlsZS53
ZWJlbG9waW5nLmVzghJua2sud2ViZWxvcGluZy5jb22CEW5ray53ZWJlbG9waW5n
LmVzghFvYy53ZWJlbG9waW5nLmNvbYIQb2Mud2ViZWxvcGluZy5lc4IScG9wLndl
YmVsb3BpbmcuY29tghFwb3Aud2ViZWxvcGluZy5lc4ITcG9wMy53ZWJlbG9waW5n
LmNvbYIScG9wMy53ZWJlbG9waW5nLmVzghdwcm9qZWN0cy53ZWJlbG9waW5nLmNv
bYIWcHJvamVjdHMud2ViZWxvcGluZy5lc4ITc210cC53ZWJlbG9waW5nLmNvbYIS
c210cC53ZWJlbG9waW5nLmVzghN0ZXN0LndlYmVsb3BpbmcuY29tghJ0ZXN0Lndl
YmVsb3BpbmcuZXOCE3Vjb2Iud2ViZWxvcGluZy5jb22CEnVjb2Iud2ViZWxvcGlu
Zy5lc4IRd2Uud2ViZWxvcGluZy5jb22CEHdlLndlYmVsb3BpbmcuZXOCDndlYmVs
b3BpbmcuY29tgg13ZWJlbG9waW5nLmVzghZ3ZWJtYWlsLndlYmVsb3BpbmcuY29t
ghV3ZWJtYWlsLndlYmVsb3BpbmcuZXOCEnd3dy53ZWJlbG9waW5nLmNvbYIRd3d3
LndlYmVsb3BpbmcuZXMwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEF
BgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCUILwejtWNbIhzH4KLIiwN0dpNXmxPlD1h
204vWE2iwgAAAXT1zBg2AAAEAwBIMEYCIQCB/KqbgxT12uOWAYWXn7jV2+Qr0KHA
KZmw3GA+T8rQkQIhAPbOpzgxZoebW4tStxm24/BXRzJ3QaWd17Ly5a/y6qk6AHYA
9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF09cwaHQAABAMARzBF
AiEA5v7xblm1H9m6GxpNTubQu4lu7kAATcKbyOXu2pHiE7sCIAwgoDxsBgoHwkK0
+3cL+02mCuu2k/VPXiX51mXxtipSMA0GCSqGSIb3DQEBCwUAA4IBAQB4qbtcV9KE
Dznsn6jrtkwoMy71X77Oh3/f+mScC11B0wbzmO9WKpQ05u0sEjd4FQsc2jYaTjKQ
7vNvtOwBEdjeizs+/HU1+eijqtcqORHcECQORQBcYkuN0sPpsElWbguymeph9Xp0
9fLWFwOPPG+QbVcqwePFZw9OZ/HoGiM63SKpDgiJoVeNHNgmNzz4y1jEpuCiLw4M
Jr6ZC4Z022SaLWtwmC0nlHH9gluIcU7cus0f3cLs9VF8BUgogz0h/eQbewuNY2t6
2mx/NK/U/dC1v5rylpcKB/2cPNY/WRQ7ot3JJxSst8fvr0EYW11DUWFLGaHXH8tv
1FhkaFerj9mD
-----END CERTIFICATE-----
--
Viktor.
