[BlueOnyx:25496] TLS certificate didn't update on Postfix 5210R
Gen Tobimatsu
ml2011 at g.u-style.net
Wed Jul 6 17:04:21 -05 2022
Hello,
I replaced my server 5209R to 5210R.
I have some problem on postfx.
Let's encrypt cert updated on web dovecot, but postfix didn't.
I tried to switch to sendmail.
Sendmail uses latest certficate.
But switch back to postfix, then it used old certificate?
It seems main.cf have no issue.
cd /etc/postfix; grep -r cert *
main.cf:# with 450 (try again later) until you are certain that your
main.cf:smtp_tls_CApath = /etc/pki/tls/certs
main.cf:smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
main.cf:smtpd_tls_chain_files = /etc/admserv/certs/key
/etc/admserv/certs/nginx_cert_ca_combined
main.cf.proto:# with 450 (try again later) until you are certain that your
vsite_ssl.map:sbo02.deego-net.jp /etc/admserv/certs/key
/etc/admserv/certs/nginx_cert_ca_combined
but certificate has problem.
* sendmail (hss no issue)
echo "" | openssl s_client -connect example.com:465 1> ~/now.crt
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = example.com
verify return:1
* postfix (has issue)
echo "" | openssl s_client -connect example.com:465 1> ~/old.crt
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = example.com
verify error:num=10:certificate has expired
notAfter=Jul 3 08:45:17 2022 GMT
verify return:1
depth=0 CN = example.com
notAfter=Jul 3 08:45:17 2022 GMT
verify return:1
Thanks.
More information about the Blueonyx
mailing list