That is a mart find Victor.
I think I keep mine simpler,so mine shouldn't fail in April as long as
my cronjob auto updates the SSL Cert.
#postfix2 compatibility mode
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_r
Hey,
I think let's encrypt SSL certificates expire every three to four months by
default.
I recently started using Let's Encrypt's certbot for Postfix TLS.
Your's appears to have expired on Jan 2, 2021.
> verify error:num=10:certificate has expired
> notAfter=Jan 2 21:47:07 2021 GMT
> verify
On Thu, Jan 21, 2021 at 06:46:41PM -0500, Theodore Knab wrote:
> I think I keep mine simpler,so mine shouldn't fail in April as long as
> my cronjob auto updates the SSL Cert.
If you're not using SNI with indexed file tables (cdb, lmdb, hash, or
btree), then your certificate chains are read direc
Thanks a lot man. I'm really, really happy. Been digging on it for
quite a few hours, now.
You made my day! :)
Just in case anyone needs it, the following command, to rebuild the
contents, made the trick:
postmap -F hash:/etc/postfix/tls_server_sni_maps.map
On Fri, Jan 22, 2021 at 12:32 AM Vikt
On Thu, Jan 21, 2021 at 06:32:04PM -0500, Viktor Dukhovni wrote:
> > That's the one I use now:
> > smtpd_tls_chain_files =
> > /etc/letsencrypt/live/webeloping.es/privkey.pem,
> > /etc/letsencrypt/live/webeloping.es/fullchain.pem
> > smtp_tls_chain_files= $smtpd_tls_chain_files
>
> Th
On Fri, Jan 22, 2021 at 12:24:28AM +0100, Pau Peris wrote:
> That's the one I use now:
> smtpd_tls_chain_files =
> /etc/letsencrypt/live/webeloping.es/privkey.pem,
> /etc/letsencrypt/live/webeloping.es/fullchain.pem
> smtp_tls_chain_files= $smtpd_tls_chain_files
That's your primary (d
Hi, thanks a lot for the answers.
The system has been running fine for years since some months ago I
implemented SNI and created a new certificate for webeloping.es and
let the old one expire. Obviously i updated Postfix config files
accordingly but it looks like i made some mistake.
The problem
On Fri, Jan 22, 2021 at 12:00:25AM +0100, Pau Peris wrote:
> I'm running the following command which shows the content of the
> expired certificate but I'm getting crazy finding the certificate even
> when I have the content of it. For sure it's not in /etc, ...
Postfix loads certificates exactly
Thanks for the tips :)
I'm running the following command which shows the content of the
expired certificate butI'm getting crazy finding the certificate even
when I have the content of it. For sure it's not in /etc, I've checked
with egrep -Ri MIIIpTCCB42gAwIBAgISBNq8AcDQ9eonDq3bUFDfFOmYMA0GCSqGSI
On Thu, Jan 21, 2021 at 11:19:13PM +0100, Pau Peris wrote:
> Does someone know how I can make postfix show the absolute path for the
> TLS certificate used?
There is no such feature. But if you're not using SNI, the certificate
chain is the same for all clients, and you can just connect to your
Hi,
thanks a lot for your answer.
I'm on a SNI scenario. Postfix has been working without issues for
years but last months I move to an SNI scenario, obviously made some
mistake and now a certificate is expired but I'm not able to find it.
I've coded a little bash script which check the expirati
On 21 Jan 2021, at 17:19, Pau Peris wrote:
> do someone know how can i make postfix show the absolute path for the
> TLS certificate used?
postconf smtpd_tls_cert_file
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Curren
Hi,
do someone know how can i make postfix show the absolute path for the
TLS certificate used?
The thing is Postfix shows the following error but I'm not able to
find any expired certificate in the system. Postfix config file seems
fine but obviously there's some kind of mistake on my side so I
13 matches
Mail list logo
