How can I use Server certificates generated by Caddy for the Postfix service?
Currently, I can only use certificates generated by ACME for the Postfix service.
All certificates are listed in the `system/trust` directory (ACME and caddy).
My current hack on the OPNsense CLI:
```
postconf -e 'smtpd_tls_cert_file=/var/db/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydomain.xxx.com/mydomain.xxx.com.crt'
postconf -e 'smtpd_tls_key_file=/var/db/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydomain.xxx.com/mydomain.xxx.com.key'
service postfix restart
```
Check from another machine:
```
openssl s_client -connect mydomain.xxx.com:25 -starttls smtp | openssl x509 -noout -dates
```
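An added example, not part of the original post and not OPNsense or Caddy plugin code: a pre-flight check that a certificate file and key file belong together and are not about to expire before Postfix is pointed at them. The function names and the 7-day default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate a certificate/key pair
# before pointing Postfix at it. Paths are supplied by the caller.

# SHA-256 of the public key in the first certificate of a PEM file.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key file.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if both files parse, the key belongs to the certificate, and
# the certificate remains valid for at least $3 seconds (default 7 days).
check_pair() {
    cert=$1; key=$2; min_left=${3:-604800}
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "unreadable certificate: $cert" >&2; return 2; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "unreadable key: $key" >&2; return 3; }
    [ "$(cert_pubkey_hash "$cert")" = "$(key_pubkey_hash "$key")" ] ||
        { echo "key does not match certificate" >&2; return 4; }
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null ||
        { echo "certificate expires within ${min_left}s" >&2; return 5; }
}

# Update Postfix only when the pair passes, so a bad file never reaches smtpd.
apply_to_postfix() {
    check_pair "$1" "$2" || return $?
    postconf -e "smtpd_tls_cert_file=$1" "smtpd_tls_key_file=$2" &&
        service postfix restart
}
```

Because Caddy renews these files on its own schedule, `check_pair` can also be run periodically to flag a pair that has gone stale or mismatched.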
Quote from: rudiratlos63 on Today at 05:43:16 PM
> How can I use Server certificates generated by Caddy for the Postfix service?
You can't. And as far as I know the certificate service in Caddy will be removed in favour of handling everything in the ACME client.
@Monviech can you confirm?
Hmm, no, nothing about Caddy will be changed. It will still issue its own certificates.
But they cannot be used in other services on the OPNsense, and there is no plan to add such capability.
Quote from: Monviech (Cedrik) on Today at 08:47:05 PM
> Hmm, no, nothing about Caddy will be changed. It will still issue its own certificates.
@JeGr told me in our last online meeting you were deprecating all certificate handling in Caddy in favour of ACME. Well ...
Huh, I never said that, nor do I have any issue anywhere that states that. Sounds like misinformation.
What I did was split the Caddy plugins up into one with all DNS providers and an xcaddy plugin here:
https://github.com/Monviech/os-caddy
And the standard one with just Cloudflare here:
https://github.com/opnsense/plugins/tree/master/www/caddy
But that's already been like this for a year or so now. Nothing more is planned around these facts.