On Mon, Mar 28, 2022 at 03:23:55PM +1100, raf wrote:
> I just tried this (debian-11, postfix-3.5.6)
> and was surprised by the effect:
>
> postfix tls new-server-key
> postfix tls deploy-server-cert /etc/postfix/cert-20220328-033631.pem
> /etc/postfix/key-20220328-033631.pem
>
> The main.cf file originally contained:
>
> smtpd_tls_chain_files =
> /etc/postfix/smtpd.key
> /etc/postfix/smtpd.cert
>
> The deploy-server-cert subcommand appended the following:
>
> smtpd_tls_cert_file = /etc/postfix/cert-20220328-033631.pem
> smtpd_tls_key_file = /etc/postfix/key-20220328-033631.pem
Yes, the "postfix tls" script has not yet been updated to handle
the new "chain files" syntax. Sorry about that.
Contributions of suitably robust code welcome...
--
Viktor.
