On Mon, May 30, 2022 at 08:52:21AM +0200, Maurizio Caloro wrote:

> try to install RSA and ECDSA, but it doesn't run like normal mode.

Simplest in most cases (and quite sufficient) to stick to just one
algorithm. Multiple algorithms require a deeper understanding of
what you're doing.

> Generate Certificates.....
>
> ./acme.sh --issue -d nmail.caloro.ch --keylength 4096 --standalone
> ./acme.sh --issue -d nmail.caloro.ch --keylength ec-384 -standalone

What is the result of this? I'd guess that the files for the EC key and
cert at least in part replace the RSA key and cert.

> smtpd_tls_chain_files =
> /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,

Which key should this be?

> /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,

Which key should this chain correspond to?

> /etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.crt,
> /etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.key,

How did these files come to exist? Why the certificate
listed before the key?

> /etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.crt,
> /etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.cer

You have no idea what you're doing. Keep it simple and
choose exactly one of RSA or ECDSA.

--
Viktor.
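
A check for the ordering questions raised in the message above, added here as an example and not part of the original thread: smtpd_tls_chain_files expects each private key to be followed by the certificate chain for that key. The helper names, the demo file names and the throwaway self-signed certificates are assumptions; it needs the openssl CLI and assumes at most one key per file, placed before any certificates in that file.

```shell
#!/bin/sh
# check_chain_files FILE...  (hypothetical helper, not a Postfix tool)
# Walks the files in the order they would be listed in smtpd_tls_chain_files
# and checks that every private key is followed by a certificate whose
# public key matches it.
check_chain_files() {
    pending=""   # public key of a private key still waiting for its leaf cert
    seen_key=0
    rc=0
    for f in "$@"; do
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            [ -n "$pending" ] && { echo "$f: previous key has no certificate"; rc=1; }
            pending=$(openssl pkey -in "$f" -pubout 2>/dev/null)
            seen_key=1
        fi
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            # x509 reads the first certificate in the file, i.e. the leaf
            leaf=$(openssl x509 -in "$f" -pubkey -noout 2>/dev/null)
            if [ "$seen_key" -eq 0 ]; then
                echo "$f: certificate listed before any private key"; rc=1
            elif [ -n "$pending" ]; then
                [ "$leaf" = "$pending" ] ||
                    { echo "$f: certificate does not match the preceding key"; rc=1; }
                pending=""
            fi
        fi
    done
    [ -n "$pending" ] && { echo "last private key has no certificate"; rc=1; }
    return "$rc"
}

# Constructed sample input: throwaway RSA and ECDSA keys with self-signed certs.
make_demo_pems() {
    openssl genrsa -out "$1/rsa.key" 2048 2>/dev/null
    openssl ecparam -name secp384r1 -genkey -noout -out "$1/ec.key" 2>/dev/null
    for alg in rsa ec; do
        openssl req -new -x509 -key "$1/$alg.key" -subj "/CN=demo.invalid" \
            -days 1 -out "$1/$alg.crt" 2>/dev/null
    done
}

demo=$(mktemp -d) && make_demo_pems "$demo"
# Key then certificate, per algorithm: accepted.
check_chain_files "$demo/rsa.key" "$demo/rsa.crt" "$demo/ec.key" "$demo/ec.crt" &&
    echo "order OK"
# Certificate before its key, as in the quoted postfix-rsa pair: rejected.
check_chain_files "$demo/rsa.crt" "$demo/rsa.key" "$demo/ec.key" "$demo/ec.crt" ||
    echo "order rejected"
```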