If the fullchain.pem file is the result of the acme client cert-bot, this file
includes Let's Encrypt intermediate certificate and your server certificate.
smtpd_tls_cert_file = /path/to/fullchain.pem
smtpd_tls_key_file = /path/to/privkey.pem
> On Nov 15, 2016, at 03:08, Steve Jenkins wrote:
>
On Mon, Nov 14, 2016 at 7:22 PM, Sebastian Nielsen
wrote:
> You need to be more clear here.
>
> When you say Gmail account on port 587 I don’t entirely understand what
> you are doing. Are you using Gmail as upstream smarthost?
>
1. Open Gmail
2. Press gear icon and select "Settings"
3. Select "
On Mon, Nov 14, 2016 at 7:23 PM, wrote:
> Have you tried to add the certs to the root store on your phone? I'm not
> on an iPhone, but that is what I did for Let's Encrypt. And it doesn't seem
> to always work.
>
I can do that, but I don't want to make all the other users on this mail
server (a
On Mon, Nov 14, 2016 at 7:17 PM, Viktor Dukhovni wrote:
>
> > On Nov 14, 2016, at 9:08 PM, Steve Jenkins
> wrote:
> >
> > # postconf -n | grep tls
> > smtp_tls_CAfile = $smtpd_tls_CAfile
> > smtp_tls_loglevel = 1
> > smtp_tls_security_level = may
>
> The above, being outgoing (SMTP client) setti
Have you tried to add the certs to the root store on your phone? I'm not on an iPhone, but that is what I did for Let's Encrypt. And it doesn't seem to always work.There was a thread I started a while ago on just
a site that has Let’s encrypt deployed. If
you get cert errors, this is the case.
Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
För Steve Jenkins
Skickat: den 15 november 2016 03:08
Till: postfix users
Ämne: Let's Encrypt + Postfix TLS + iOS Mail
> On Nov 14, 2016, at 9:08 PM, Steve Jenkins wrote:
>
> # postconf -n | grep tls
> smtp_tls_CAfile = $smtpd_tls_CAfile
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
The above, being outgoing (SMTP client) settings have no bearing
on the TLS behaviour of your server when receiving mail
I've had TLS working great on my Postfix servers for years, and I recently
tried switching one of my boxes to a Let's Encrypt certificate. A Gmail
test account using TLS on port 587 works fine, but the iOS mail client
complains about the certificate being untrusted. Further digging shows it
doesn't
