Submitted by 314TeR on Wed, 02/14/2018 - 07:35
Hi,
When I generate the letsencrypt certificate for a virtual server, the wrong smtpd_tls_CAfile is added in /etc/postfix/master.cf.
CA.pem from postfix is added, but it should be from the virtual server.
This is an example of what is added:
192.168.11.12:smtp inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_cert_file=/home/domain.com/ssl.cert -o smtpd_tls_key_file=/home/domain.com/ssl.key -o smtpd_tls_CAfile=/etc/postfix/postfix.ca.pem
192.168.11.12:submission inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_cert_file=/home/domain.com/ssl.cert -o smtpd_tls_key_file=/home/domain.com/ssl.key -o smtpd_tls_CAfile=/etc/postfix/postfix.ca.pem
Should be:
192.168.11.12:smtp inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_cert_file=/home/domain.com/ssl.cert -o smtpd_tls_key_file=/home/domain.com/ssl.key -o smtpd_tls_CAfile=/home/domain.com/ssl.ca
192.168.11.12:submission inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_cert_file=/home/domain.com/ssl.cert -o smtpd_tls_key_file=/home/domain.com/ssl.key -o smtpd_tls_CAfile=/home/domain.com/ssl.ca
Even if I correct the entries manually, they are overwritten every time the letsencrypt certificate is refreshed.
In my case, where I use a commercial certificate for the server (webmin, postfix, etc) and letsencrypt for individual domains, CA.pem will always be different and will break the encryption.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Thu, 02/15/2018 - 00:48 Comment #1
Ok, I see the cause of this - it will be fixed in the next Virtualmin release.
Submitted by IssueBot on Thu, 10/11/2018 - 20:07 Comment #2
Automatically closed - issue fixed for 2 weeks with no activity.
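A check for the mismatch described in the report at the top of this thread, as an added example (not code from Virtualmin or from any poster): it parses master.cf, joining continuation lines, and flags smtpd services whose smtpd_tls_CAfile is not in the same directory as smtpd_tls_cert_file. The same-directory rule is an assumption taken from the "Should be" lines; the sample input, the second IP address and example.org are constructed.

```python
import posixpath

# Constructed sample modelled on the lines quoted in the report.
# The first per-IP service shows the reported mismatch; the second is consistent.
SAMPLE_MASTER_CF = """\
# global listener, no per-domain overrides
smtp inet n - y - - smtpd
192.168.11.12:smtp inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_cert_file=/home/domain.com/ssl.cert
  -o smtpd_tls_key_file=/home/domain.com/ssl.key
  -o smtpd_tls_CAfile=/etc/postfix/postfix.ca.pem
192.168.11.13:submission inet n - y - - smtpd -o smtpd_tls_cert_file=/home/example.org/ssl.cert -o smtpd_tls_key_file=/home/example.org/ssl.key -o smtpd_tls_CAfile=/home/example.org/ssl.ca
"""

def logical_lines(text):
    """Yield master.cf entries, joining continuation lines (leading whitespace)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def mismatched_ca(text):
    """Return (service, cert_file, ca_file) for smtpd entries whose CA file
    lives outside the directory of the certificate it is paired with."""
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        # Fields: service type private unpriv chroot wakeup maxproc command args...
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args = fields[8:]
        opts = dict(val.split("=", 1) for flag, val in zip(args, args[1:])
                    if flag == "-o" and "=" in val)
        cert = opts.get("smtpd_tls_cert_file")
        ca = opts.get("smtpd_tls_CAfile")
        if cert and ca and posixpath.dirname(ca) != posixpath.dirname(cert):
            findings.append((fields[0], cert, ca))
    return findings

if __name__ == "__main__":
    for service, cert, ca in mismatched_ca(SAMPLE_MASTER_CF):
        print(f"{service}: CAfile {ca} does not sit beside {cert}")
```

To check a live system, pass the contents of /etc/postfix/master.cf to `mismatched_ca` after each certificate renewal.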