Apologies, postfix was pointed to old cert file
2026-02-02 by: Mike Harrison via chugalug
From: Mike Harrison via chugalug ------------------------------------------------------ Sorry folks, while I renewed certs a while ago, certbot changed the name of the file I had in postfix's main.cf So the mail server has been not doing TLS/StartTLS properly for a few days. It passes it's tests now. May have had some delivery failures over the past 18 days because of it. Certbot does a nice job of managing Apache and NGX servers configs, I did not notice it had picked a different base domain name because I had added domains to this server, and it does not change /etc/postfix/main.cf Which is probably a good thing. Mine are weird. On the good side, while checking things out, learned about DANE: Time to learn something new? DANE = DNS-based Authentication of Named Entities. Poorly supported in end clients, so fare. But I'm liking the ideas presented for verifying what CA is supposed to be the issuing CA. A cross check. May also be useful for self-signed certs. Gonna have to play. https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities -- Mike Harrison mike@geeklabs.com mobile: 423 605-6943