Hi Ante and thanks for this bug report. According to what I see in the scripts the certs gets copied over: it happens via /lib/systemd/system/postfix@.service which has this ExecStartPre directive:
ExecStartPre=/usr/lib/postfix/configure-instance.sh %i and configure-instance.sh copies the certs in the chroot when postfix is (re)started. I tested this on Focal and it works as intended. However I don't see any mechanism that reloads Postfix after update-ca- certificate is called, so it may make sense to add a reload hook in /etc /ca-certificates/update.d/. Would this explain the issue you hit and that made you file this bug report, or do you think there's something going wrong and the certs do not get copied over? Do you agree a reload hook would be the correct fix here? ** Changed in: postfix (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915238 Title: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1915238/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs