Hi Viktor, On Thu, 3 Feb 2022 at 14:07, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Thu, Feb 03, 2022 at 01:39:44PM -0500, Martin Hicks wrote: > > > The only configuration change I made in response to this discussion was > > to disable smtpd_tls_ask_ccert - I'm not sure why this was ever enabled. > > > > I'll update in a week or two when I see another e-mail from aircanada. > > You can also (after checking the documentation) use the: > > --preferred-chain "ISRG Root X1" > > flag with certbot, or otherwise avoid the DST cross cert in your server > chain. > Thanks for the information. This is indeed the fix that solved my problem. I finally got some system updates done that I needed in order to get a newer certbot installed. Once I forced renewal of my certificates with the ISRG Root X1 root certificate, the aircanada e-mail servers were able to connect and did not reject the LetsEncrypt certificate. Thanks again, mh -- Martin Hicks P.Eng. | m...@bork.org Bork Consulting Inc. | +1 (613) 266-2296
