On Fri, Jun 17, 2022 at 01:20:05PM -0400, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Fri, Jun 17, 2022 at 04:03:52PM +1000, raf wrote:
>
> > > Out: 454 4.7.0 TLS not available due to local problem
> >
> > Try deleting the middle two files (nmail.calm-ness.ch),
> > or swapping them around. They are in the wrong order.
>
> Swapping them won't have the desired effect. There can be at most one
> RSA keypair (private key + cert) per SSL context. IIRC attempting to
> load a second pair will raise an error, but even if not, "at best" the
> mistake won't be detected and these will replace the first pair.
>
> --
> Viktor.

Ah, of course. I forgot that bit. Thanks.

So removing the middle files from smtpd_tls_chain_files
is the only correct approach. Even if the middle pair
were in the right order, and even if they successfully
replaced the first pair (which might not be a thing
anyway), it would still end up with a single RSA
certificate, not both.

cheers,
raf
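
A lint for the rule discussed in this thread, as an added example that is not part of either message and is not Postfix code: it walks the PEM blocks of the files listed in smtpd_tls_chain_files, in order, and reports a second key of the same algorithm or a key with no certificate after it. Assumptions: the names `lint_chain`, `key_algorithm` and `block` are hypothetical, the PKCS#8 algorithm check is a heuristic search for the OID bytes, the one-keypair limit is applied per algorithm (the thread states it for RSA only), and the sample PEM blocks are constructed placeholders rather than real key material.

```python
import base64
import re

# DER encodings of the algorithm OIDs that appear inside PKCS#8 "PRIVATE KEY" blocks.
OIDS = {bytes.fromhex("06092a864886f70d010101"): "RSA",
        bytes.fromhex("06072a8648ce3d0201"): "ECDSA"}
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def key_algorithm(label, body):
    """Return the algorithm of a private-key block, or None for any other block."""
    if label == "RSA PRIVATE KEY":
        return "RSA"
    if label == "EC PRIVATE KEY":
        return "ECDSA"
    if label == "PRIVATE KEY":  # PKCS#8: look for the algorithm OID (heuristic)
        der = base64.b64decode("".join(body.split()))
        return next((alg for oid, alg in OIDS.items() if oid in der), "unknown")
    return None

def lint_chain(pem_texts):
    """pem_texts: contents of the chain files, in the order they are configured."""
    problems, seen, pending = [], set(), None
    for n, text in enumerate(pem_texts, 1):
        for label, body in PEM.findall(text):
            alg = key_algorithm(label, body)
            if alg:
                if pending:
                    problems.append(f"file {n}: previous {pending} key has no certificate")
                if alg in seen:
                    problems.append(f"file {n}: second {alg} key")
                seen.add(alg)
                pending = alg
            elif label == "CERTIFICATE":
                if not seen:
                    problems.append(f"file {n}: certificate before any private key")
                pending = None
    if pending:
        problems.append(f"end of list: {pending} key has no certificate after it")
    return problems

def block(label):
    """Constructed placeholder PEM block; the body is not real key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

KEY, CERT = block("RSA PRIVATE KEY"), block("CERTIFICATE")
if __name__ == "__main__":
    # Constructed four-file list with the middle pair in the wrong order.
    for problem in lint_chain([KEY, CERT, CERT, KEY]):
        print(problem)
```

The lint does not check that a certificate matches the key before it, so a clean result only means the list has the expected shape.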