On Thu, Jun 16, 2022 at 11:07:05PM +0200, Maurizio Caloro wrote:

> --> Out: 454 4.7.0 TLS not available due to local problem

As expected.

> smtpd_tls_chain_files =
>     /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
>     /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
>     /etc/letsencrypt/live/nmail.calm-ness.ch/fullchain.pem,
>     /etc/letsencrypt/live/nmail.calm-ness.ch/privkey.pem,
>     /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/privkey.pem,
>     /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/fullchain.pem

This is wrong. Both domains likely use RSA public/private keys, and you
can only configure at most one default public key for each algorithm
(RSA, ECDSA, Ed25519, Ed448).

Generally speaking, just one certificate chain is quite enough to serve
both domains.

    smtpd_tls_chain_files =
        /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
        /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,

But if for some reason you feel expert enough to configure both RSA and
ECDSA and keep both working, then you set:

    smtpd_tls_chain_files =
        /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
        /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
        /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/privkey.pem,
        /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/fullchain.pem

Assuming the suggestive file names align with reality.

-- 
    Viktor.
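The two rules in the reply above can be checked before reloading Postfix. This is an added example, not part of the original message or of Postfix: it walks the PEM objects in the order the listed files would supply them and reports a second key of the same algorithm, or a key that is not directly followed by its certificate chain (the layout the Postfix documentation requires for smtpd_tls_chain_files). The function names are hypothetical, the key and certificate objects are constructed stubs, and the sample orders assume the key types match the file names.

```python
import base64, re

# DER bodies of the key-algorithm OIDs carried in a PKCS#8 PrivateKeyInfo
OIDS = {"2a864886f70d010101": "RSA", "2a8648ce3d0201": "ECDSA",
        "2b6570": "Ed25519", "2b6571": "Ed448"}
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, i):                      # (value_start, value_end) of the DER element at i
    n, i = buf[i + 1], i + 2
    if n & 0x80:                       # long-form length: low 7 bits give the byte count
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    return i, i + n

def key_algorithm(label, der):
    if label != "PRIVATE KEY":         # legacy "RSA PRIVATE KEY" / "EC PRIVATE KEY" labels
        return {"RSA": "RSA", "EC": "ECDSA"}.get(label.split()[0], "unknown")
    start, _ = _tlv(der, 0)            # PrivateKeyInfo SEQUENCE
    _, end = _tlv(der, start)          # version INTEGER
    start, _ = _tlv(der, end)          # AlgorithmIdentifier SEQUENCE
    start, end = _tlv(der, start)      # algorithm OID
    return OIDS.get(der[start:end].hex(), "unknown")

def audit_chain(pem_text):
    """Check PEM objects in the order the chain-file list supplies them."""
    problems, first_seen, prev = [], {}, None
    for n, (label, body) in enumerate(PEM.findall(pem_text), 1):
        if label.endswith("PRIVATE KEY"):
            alg = key_algorithm(label, base64.b64decode(body))
            if alg in first_seen:
                problems.append(f"object {n}: second {alg} key (first is object {first_seen[alg]})")
            first_seen.setdefault(alg, n)
            if prev == "key":
                problems.append(f"object {n - 1}: key not followed by its certificate chain")
        elif label == "CERTIFICATE" and prev is None:
            problems.append(f"object {n}: certificate listed before any key")
        prev = "key" if label.endswith("PRIVATE KEY") else "cert"
    if prev == "key":
        problems.append(f"object {n}: key not followed by its certificate chain")
    return problems

def _pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed stand-ins: PKCS#8 headers with an empty key, not usable keys or certificates
RSA = _pem("PRIVATE KEY", bytes.fromhex("3012020100300b06092a864886f70d0101010400"))
EC = _pem("PRIVATE KEY", bytes.fromhex("3010020100300906072a8648ce3d02010400"))
CERT = _pem("CERTIFICATE", b"constructed")
QUOTED_ORDER = RSA + CERT + CERT + RSA + EC + CERT   # file order of the quoted setting
DUAL_ORDER = RSA + CERT + EC + CERT                  # file order of the RSA + ECDSA setting
```

On real files, pass the concatenated contents of the listed files in list order; the check does not verify that a certificate actually matches the key before it.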