Thanks a lot man. I'm really, really happy. Been digging on it for quite a few hours, now.
You made my day! :) Just in case anyone needs it, the following command, to rebuild the contents, made the trick: postmap -F hash:/etc/postfix/tls_server_sni_maps.map On Fri, Jan 22, 2021 at 12:32 AM Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > On Fri, Jan 22, 2021 at 12:24:28AM +0100, Pau Peris wrote: > > > That's the one I use now: > > smtpd_tls_chain_files = > > /etc/letsencrypt/live/webeloping.es/privkey.pem, > > /etc/letsencrypt/live/webeloping.es/fullchain.pem > > smtp_tls_chain_files = $smtpd_tls_chain_files > > That's your primary (default, non-SNI) certificate chain. > > > tls_server_sni_maps = hash:/etc/postfix/tls_server_sni_maps.map > > This is a Berkeley DB hash table with certificate chains that needs to > be rebuilt whenever the underlying certificate files change. > > > cat /etc/postfix/tls_server_sni_maps.map > > > > webeloping.es > > /etc/letsencrypt/live/webeloping.es/privkey.pem > > /etc/letsencrypt/live/webeloping.es/fullchain.pem > > we.webeloping.es > > /etc/letsencrypt/live/webeloping.es/privkey.pem > > /etc/letsencrypt/live/webeloping.es/fullchain.pem > > mail.webeloping.es > > /etc/letsencrypt/live/webeloping.es/privkey.pem > > /etc/letsencrypt/live/webeloping.es/fullchain.pem > > smtp.webeloping.es > > /etc/letsencrypt/live/webeloping.es/privkey.pem > > /etc/letsencrypt/live/webeloping.es/fullchain.pem > > The underlying table is generated with "postmap -F" which imports the > file *content* (it does not just store references to the file names). > You need to rebuild this table, approximately ~weekly, by running: > > # postmap -F hash:/etc/postfix/tls_server_sni_maps.map > > This assumes that your certificate renewals take place well in advance > of one week before expiration, and a weekly rebuild will always ensure > that a reosonable recent copy of each certificate is stored in the > table. > > -- > Viktor. -- Pau Peris Rodriguez Chief Executive Officer (CEO) Tel: 669650292 C/Balmes 211, Principal Segunda Barcelona 08006 http://www.webeloping.es Aquest correu electrònic conté informació de caràcter confidencial dirigida exclusivament al seu/s destinatari/s en còpia present. Tant mateix, queda prohibida la seva divulgació, copia o distribució a tercers sense prèvia autorització escrita per part de Pau Peris Rodriguez. En cas d'haver rebut aquesta informació per error, es demana que es notifiqui immediatament d'aquesta circumstancia mitjançant la direcció electrònica del emissor.
