On 9/05/2025 10:06 am, Carl Brewer via Postfix-users wrote:
On 9/05/2025 9:08 am, Dan Mahoney wrote:
There’s only one certificate in your chain, you need to send the intermediate cert as well.

The cert you’re signing with isn’t trusted by browsers.

Certificate chain
  0 s:CN = rollcage13.aboc.net.au
    i:C = US, O = Let's Encrypt, CN = R10

Arguably, this is even worse than being self-signed.

Compared with my sendmail (stop laughing) server:

Not laughing at all, many -many- years ago I did a lot of work with Sendmail (before the m4 stuff, that long ago!) - a very valuable lesson was learned: don't leave your email address in a sendmail config file as an "I did it this way" note, or for -decades- you will get "help!" emails!  If you did enough Sendmail stuff, Perl's line noise didn't seem so bad.

But - I don't really understand what you're saying here.  I think I need to RTFM on this again.

I changed it to this :

smtpd_tls_security_level = may
smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/rollcage13.aboc.net.au/fullchain.pem
smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/rollcage13.aboc.net.au/privkey.pem

It seems to be working, but the test on
 https://ssl-tools.net/mailservers/rollcage13.aboc.net.au
is still moaning about an authority.



_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
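
One way to confirm whether the server now sends the intermediate as well as the leaf, as an added example that is not part of the original thread: the functions below read `openssl s_client` output on stdin and count the entries in its "Certificate chain" section. The host `mail.example.org` is a placeholder and the two-certificate sample is constructed for illustration; the one-certificate sample is the chain quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread.
# Count the certificates listed in the "Certificate chain" section of
# `openssl s_client` output read from stdin.
chain_depth() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { n++ }
        END                        { print n + 0 }
    '
}

# Return 0 if the server sent the leaf plus at least one intermediate,
# 1 if only the leaf (or nothing) was sent.
check_chain() {
    depth=$(chain_depth)
    if [ "$depth" -ge 2 ]; then
        echo "ok: $depth certificates in chain"
    else
        echo "incomplete: $depth certificate(s) sent, intermediate missing"
        return 1
    fi
}

# Chain section as quoted in the thread: leaf only.
leaf_only() {
cat <<'EOF'
Certificate chain
  0 s:CN = rollcage13.aboc.net.au
    i:C = US, O = Let's Encrypt, CN = R10
---
EOF
}

# Constructed sample of what a server using fullchain.pem would show.
with_intermediate() {
cat <<'EOF'
Certificate chain
 0 s:CN = rollcage13.aboc.net.au
   i:C = US, O = Let's Encrypt, CN = R10
 1 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
EOF
}

# Live use (needs network; mail.example.org is a placeholder):
#   openssl s_client -connect mail.example.org:25 -starttls smtp \
#       -showcerts </dev/null 2>/dev/null | check_chain
```

Postfix reads the certificate files at startup, so run the live check after reloading it; an external test site may also show a cached result for a while.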
