Certificate format for Postfix <-> Let's Encrypt

Cengiz Pirasa pirasacengiz at gmail.com
Tue Apr 2 17:31:46 CEST 2019


Hello everyone,

it seems I haven't quite understood this.

My Postfix installation simply refuses to use the Let's Encrypt certificates.

Postconf -n
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_transport = local
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 52428800
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = ****.eu
myhostname = $mydomain
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
smtpd_relay_restrictions =
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_helo_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/froxlor_custom/w***.eu_fullchain.pem
smtpd_tls_key_file = /etc/ssl/froxlor_custom/w***.eu.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:2000

The paths are correct; /etc/ssl/froxlor_custom is at chmod 777 (for testing).

Error:

Apr  2 17:20:14 ws1 postfix/smtpd[22674]: warning: cannot get RSA certificate from file "/etc/ssl/froxlor_custom/ws1.ddnss.eu_fullchain.pem": disabling TLS support
Apr  2 17:20:14 ws1 postfix/smtpd[22674]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:292:fopen('/etc/ssl/froxlor_custom/w***.eu_fullchain.pem','r'):
Apr  2 17:20:14 ws1 postfix/smtpd[22674]: warning: TLS library problem: error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:294:
Apr  2 17:20:14 ws1 postfix/smtpd[22674]: warning: TLS library problem: error:140DC002:SSL routines:use_certificate_chain_file:system lib:../ssl/ssl_rsa.c:609:

Does anyone have an idea?
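A check for the two files that smtpd_tls_cert_file and smtpd_tls_key_file point at, as an added example that is not part of the original post. The function names check_tls_file and check_postfix_tls are hypothetical, and the PEM test only looks for the BEGIN marker line rather than parsing the certificate.

```shell
#!/bin/sh
# Added example: classify a TLS file configured in main.cf.
# Prints one of: missing | unreadable | not-pem | loose-perms | ok

check_tls_file() {
    path=$1   # file path exactly as configured
    kind=$2   # "cert" or "key"

    # This is the case behind "fopen:No such file or directory" in the log.
    [ -e "$path" ] || { echo missing; return 1; }
    [ -r "$path" ] || { echo unreadable; return 1; }

    # Format check: the file must carry a PEM block of the expected type.
    if [ "$kind" = key ]; then
        marker='^-----BEGIN .*PRIVATE KEY-----'
    else
        marker='^-----BEGIN CERTIFICATE-----'
    fi
    grep -q -e "$marker" "$path" || { echo not-pem; return 1; }

    # A private key should carry no group/other permission bits.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$kind" = key ]; then
        mode=$(ls -ld -- "$path" | cut -c5-10)
        [ "$mode" = "------" ] || { echo loose-perms; return 1; }
    fi

    echo ok
}

# Read both parameters from the running configuration and report on each.
check_postfix_tls() {
    for param in smtpd_tls_cert_file smtpd_tls_key_file; do
        file=$(postconf -h "$param")
        case $param in
            *key*) k=key ;;
            *)     k=cert ;;
        esac
        printf '%s = %s: %s\n' "$param" "$file" "$(check_tls_file "$file" "$k")"
    done
}

# Only query Postfix when postconf is installed on this host.
if command -v postconf >/dev/null 2>&1; then
    check_postfix_tls || true
fi
```

Comparing the path printed here with the one in the fopen() warning shows whether smtpd is opening the file name that main.cf actually contains.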