On Sat, Aug 16, 2025 at 05:47:09AM +0000, King o Hill via Postfix-users wrote:
> Viktor,
> 
> Thank you for your reply.
> 
> I have tried this many different ways and to be honest, I was just
> hoping someone would point me in the right direction. I have followed
> the instructions in smtp_tls_chain_files to no avail. I'm just trying
> to get all 4 keys/certs working with all 4 domains so I can get smtp
> to work properly, but I always seem to be missing a small piece of the
> puzzle. Any help would be greatly appreciated.

Well, the documented syntax is:

  /etc/postfix/main.cf:
    # Your primary/default certificate chain, ideally both the key and
    # certificate in the same file, otherwise two files with the 
    # key file first and the chain file second.
    #
    smtpd_tls_chain_files = ${config_directory}/smtpd.pem

    # Table with additional SNI-dependent cert chains
    #
    indexed = ${default_database_type}:${config_directory}/
    tls_server_sni_maps = ${indexed}sni

  /etc/postfix/sni:
    # Each logical line lists the key file first, followed by any
    # additional certificate files not already included in the key file.
    example.com
        /etc/postfix/example.com.key.pem,
        /etc/postfix/example.com.crt.pem
    example.org
        /etc/postfix/example.org.key.pem,
        /etc/postfix/example.org.crt.pem
    ...

As documented, the "sni" table then needs to be indexed with "postmap -F":

    # postmap -F /etc/postfix/sni

This will **copy** the keys and certs into the resulting table.  This
step MUST be repeated every time new keys/certs are stored in the
source files.

Unless I'm mistaken, all of this is in the documentation.  Attention to
detail and not being creative with what's written are typically
sufficient for success.

-- 
    Viktor.  🇺🇦 Слава Україні!
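
The reply above notes that "postmap -F" copies the keys and certs into the table and must be rerun whenever they change. The following staleness check is an added example, not part of the original message or of Postfix; the function names and the indexed file path passed as the second argument (for example sni.db for a hash table) are assumptions.

```shell
#!/bin/sh
# Added example: flag an SNI table built with "postmap -F" that is older
# than its source file or any key/cert file the source names.

# Print each file named on the right-hand side of the table source.
# Handles the layout in the post: lookup key first, files on the same or
# indented continuation lines, separated by commas and/or whitespace.
sni_files() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments, blank lines
        {
            first = ($0 ~ /^[ \t]/) ? 1 : 2  # unindented: field 1 is the key
            gsub(/,/, " ")
            for (i = first; i <= NF; i++) print $i
        }' "$1"
}

# Return 0 (stale) when the indexed table is missing or older than an input.
# $1 = table source; $2 = indexed file (assumed path, suffix varies by type).
sni_map_stale() {
    src=$1 db=$2 stale=1
    if [ ! -e "$db" ]; then
        echo "no indexed table: $db"; return 0
    fi
    for f in "$src" $(sni_files "$src"); do
        if [ ! -r "$f" ]; then
            echo "unreadable: $f"; stale=0
        elif [ "$f" -nt "$db" ]; then
            echo "newer than table, rerun postmap -F: $f"; stale=0
        fi
    done
    return "$stale"
}

# Demo on constructed empty files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/example.com.key.pem"; : > "$d/example.com.crt.pem"
    printf 'example.com\n    %s,\n    %s\n' \
        "$d/example.com.key.pem" "$d/example.com.crt.pem" > "$d/sni"
    touch -t 202501010000 "$d/sni" "$d"/example.com.*.pem
    touch -t 202502010000 "$d/sni.db"               # table built afterwards
    touch -t 202503010000 "$d/example.com.crt.pem"  # cert renewed later
    sni_map_stale "$d/sni" "$d/sni.db"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

Because the indexed table holds copies of the private keys, it needs the same restrictive file permissions as the key files themselves.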