Problems using Postfix and TLS

[RalfOE]

I tried to configure Postfix and TLS, but got lost connection messages:

postfix/smtpd[22661]   disconnect from mail-ej1-f53.google.com[209.85.218.53] ehlo=1 starttls=0/1 commands=1/2   
postfix/smtpd[22661]   lost connection after STARTTLS from mail-ej1-f53.google.com[209.85.218.53]   
postfix/smtpd[22661]   connect from mail-ej1-f53.google.com[209.85.218.53]

Messages sent from Gmail got the info: 454 4.7.0 TLS not available due to local problem

I think it's an issue by the certificate, but I can't find info, how to configure right.

[bartjsmit]

You can see which certificate postfix is using with:

openssl s_client -debug -starttls smtp -crlf -connect firewall:25 > postfix.txt

replace 'firewall' with the hostname or IP address of your firewall. You should get a 2xx reply (e.g. 250 chunking).

You could go through a full SMTP conversation, but if you only want to know the cert, just type quit and examine the text file.

Bart...

[RalfOE]

Hi Bart,

thank you. It seems, that we had problems with the Let's Encrypt certificate. I used another certificate and since then it works.

Ralf

[dawc21]

In my case I had to reload and re-select my ROOT CA chain within the Postfix configuration.  The odd part is that the root CA cert I re-uploaded had the same serial numbers etc... A bit of a head scratcher but it got it all going....