Hi all,
I'm trying to get the SNI feature of Postfix >3.4 to work.
I've declared "smtpd_tls_chain_files" using Let's Encrypt certificates
(privkey and fullchain), and "tls_server_sni_maps" using a hash file,
according to the online documentation.
The doc says:
"The chain files MUST start with the private key,
# with the certificate chain next, starting with the leaf
# (server) certificate, and then the issuer certificates."
I tried different ways in the SNI file, but every time I test the
configuration with openssl I get this in the Postfix logs:
Dec 8 00:34:28 shiva2 postfix/smtpd[7290]: warning: key at index 1 in
SNI data for mail.hidden.fr does not match next certificate
Dec 8 00:34:28 shiva2 postfix/smtpd[7290]: warning: TLS library
problem: error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing
certificate:../ssl/ssl_rsa.c:1107:
Dec 8 00:34:28 shiva2 postfix/smtpd[7290]: warning: error loading
private keys and certificates from: SNI data for mail.hidden.fr:
aborting TLS handshake
Has anyone made this work with Let's Encrypt certificates?
Thanks,
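
Added example, not part of the original post: a shell check for the file layout the quoted documentation requires, confirming that a combined PEM file starts with the private key and that this key matches the first certificate after it. The function names, the CN and the generated files are constructed for illustration (a self-signed pair stands in for privkey.pem and fullchain.pem), and the check covers a single key-plus-chain sequence per file.

```shell
#!/bin/sh
# Added example: verify one PEM file against the documented layout
# (private key first, then leaf certificate, then issuers).

check_chain_file() {
    file=$1
    # The first PEM block in the file must be a private key.
    first=$(grep -m1 '^-----BEGIN ' "$file" || true)
    case $first in
        *"PRIVATE KEY-----"*) ;;
        *) echo "FAIL: file does not start with a private key"; return 1 ;;
    esac
    # Compare the key's public half with the public key in the first certificate.
    key_pub=$(openssl pkey -in "$file" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key"; return 1; }
    cert_pub=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate"; return 1; }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key does not match leaf certificate"; return 1
    fi
    echo "OK: key first and matching leaf certificate"
}

# Constructed test material: a self-signed pair standing in for Let's Encrypt's
# privkey.pem and fullchain.pem, plus an unrelated key (all names hypothetical).
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other.pem" 2>/dev/null
    cat "$dir/privkey.pem" "$dir/fullchain.pem" > "$dir/good.pem"      # documented order
    cat "$dir/fullchain.pem" "$dir/privkey.pem" > "$dir/reversed.pem"  # certificate first
    cat "$dir/other.pem" "$dir/fullchain.pem" > "$dir/mismatch.pem"    # wrong key
}

tmp=$(mktemp -d)
make_samples "$tmp"
for name in good reversed mismatch; do
    printf '%s.pem: ' "$name"
    check_chain_file "$tmp/$name.pem" || true
done
rm -rf "$tmp"
```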