Thank you @raf. We were using the certs from a commercial CA, not the
free one.
On 2021/8/15 8:05 上午, raf wrote:
On Sun, Aug 15, 2021 at 09:37:17AM +1000, raf <post...@raf.org> wrote:
I recommend using a CA-approved certificate like
LetsEncrypt just because Postfix will use the same
certificate for submissions on port 587, and mail
clients (like Thunderbird) might complain if a
self-signed certificate is used in that context.
Actually, that might be wrong. Maybe Thunderbird only
complains about self-signed certificates for getting
mail (IMAPS/POPS), rather than for sending mail
(SMTP/STARTTLS). I don't know. If so, it might only
affect e.g. Dovecot's choice of certificate rather than
Postfix's. But chances are, if you use both, you'll
probably want them to use the same certificate.
cheers,
raf
