On Thu, Jan 21, 2021 at 06:32:04PM -0500, Viktor Dukhovni wrote:

> > That's the one I use now:
> > smtpd_tls_chain_files =
> >     /etc/letsencrypt/live/webeloping.es/privkey.pem,
> >     /etc/letsencrypt/live/webeloping.es/fullchain.pem
> > smtp_tls_chain_files = $smtpd_tls_chain_files
>
> That's your primary (default, non-SNI) certificate chain.

One more thing... If the default certificate chain is also the very one
being used for all the other domains, why exactly do you need SNI???

Perhaps it is simplest to disable SNI support, and just use the same
default chain implicitly for all domains?

> > cat /etc/postfix/tls_server_sni_maps.map
> >
> > webeloping.es
> >     /etc/letsencrypt/live/webeloping.es/privkey.pem
> >     /etc/letsencrypt/live/webeloping.es/fullchain.pem
> > we.webeloping.es
> >     /etc/letsencrypt/live/webeloping.es/privkey.pem
> >     /etc/letsencrypt/live/webeloping.es/fullchain.pem
> > mail.webeloping.es
> >     /etc/letsencrypt/live/webeloping.es/privkey.pem
> >     /etc/letsencrypt/live/webeloping.es/fullchain.pem
> > smtp.webeloping.es
> >     /etc/letsencrypt/live/webeloping.es/privkey.pem
> >     /etc/letsencrypt/live/webeloping.es/fullchain.pem

Or are there more domains in that table that are mapped to a different
certificate chain?

--
    Viktor.
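
As an added example, not part of the original message: a small Python check for the question raised above, whether any entry in the SNI table maps to a chain other than the default. The sample map reuses names and paths from the thread, the `other.example` entry is constructed, and the function names are this example's own.

```python
import re

# Default chain as quoted in the thread (smtpd_tls_chain_files).
DEFAULT_CHAIN = [
    "/etc/letsencrypt/live/webeloping.es/privkey.pem",
    "/etc/letsencrypt/live/webeloping.es/fullchain.pem",
]

# Constructed sample: two names from the thread plus one made-up entry
# (other.example) that points at a different chain.
SAMPLE_MAP = """\
# constructed sample of a tls_server_sni_maps source file
webeloping.es
    /etc/letsencrypt/live/webeloping.es/privkey.pem
    /etc/letsencrypt/live/webeloping.es/fullchain.pem
mail.webeloping.es
    /etc/letsencrypt/live/webeloping.es/privkey.pem,
    /etc/letsencrypt/live/webeloping.es/fullchain.pem
other.example
    /etc/letsencrypt/live/other.example/privkey.pem
    /etc/letsencrypt/live/other.example/fullchain.pem
"""

def parse_sni_map(text):
    """Parse Postfix table source text into {name: [chain files]}."""
    logical = []
    for raw in text.splitlines():
        # Blank lines and '#' comment lines are ignored.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        # A line starting with whitespace continues the previous logical line.
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        # File names may be separated by commas and/or whitespace.
        key, *files = [t for t in re.split(r"[\s,]+", line) if t]
        table[key] = files
    return table

def split_by_default(table, default_chain):
    """Return (names using the default chain, names using another chain)."""
    same = sorted(k for k, v in table.items() if v == default_chain)
    different = sorted(k for k, v in table.items() if v != default_chain)
    return same, different

def sni_is_redundant(text, default_chain=DEFAULT_CHAIN):
    """True when every SNI entry resolves to the default chain."""
    return not split_by_default(parse_sni_map(text), default_chain)[1]
```

If `sni_is_redundant` returns True for the real map file, the table only repeats the default chain and the SNI lookup can be dropped as suggested above.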