0

I want to generate - fullchain-pem, privkey-pem. I have tried this method.

How do I generate fullchain.pem and privkey.pem?

I want to integrate them into my postfix to send mail with my mailserver:

here i have editet this parameters:

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file=/etc/acme.sh/mail.xxxxx.com/fullchain.pem
smtpd_tls_key_file=/etc/acme.sh/mail.xxxxx.com/privkey.pem
#smtpd_tls_cert_file=/etc/acme.sh/mail.xxxxxx.com/
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
#smtpd_tls_CAfile = /etc/acme.sh/mail.xxxxxx.com/ca.crt

I am always getting the followong error, when I try to send the test mail in roundcube:

TLS library problem: SSL routines::tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1586:SSL alert number 48

I dont know what i am doing wrong. Please can someone give me an advice?

Improve this question
1
  • You are using a self-signed certificate that the peer doesn’t trust. The simplest solution to this ultimately is to use a CA-signed certificate. Everything else will cost you far more in time than it saves in money, even if feasible, which it may not be in this case.
    – user207421
    Commented May 28 at 23:58
Related questions
512
curl: (60) SSL certificate problem: unable to get local issuer certificate
0
Delayed outgoing mail in active queue
0
Mail server postfix mail considered junk
Load 1 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Browse other questions tagged or ask your own question.