ACME Plugin/Lets Encrypt with Postfix?

Started by PotatoCarl, January 02, 2025, 10:03:52 AM

Hi
Quite a while ago I installed a Rocket.chat server (snap) behind my OPNsense firewall and used a tutorial for getting this done (it is done via automations, took a bit but works well).
Now I am trying the same with a postfix/cyrus setup I have behind my firewall. Opening port 80 to this host is out of the question.

The reason I want to do this is that currently a few anti-spam engines (may they rot in hell) decline our emails due to "non verifiable certificate chain". We are forwarding all our email to a relay of our uplink and download everything via fetchmail (all on a server behind the firewall).

With a let's encrypt SSL certificate for our postfix host I hope to be able to solve the problem.

Anybody who knows where to find such a tutorial, or has maybe written one, will be sure of my never-ending thanks for pointing me to it.

I honestly did not look into the postfix service of OPNsense so I do not know if that would solve my issues easier. Any suggestions welcome.

And: Happy New Year!


Quote from: PotatoCarl on January 02, 2025, 10:03:52 AM
"With a let's encrypt SSL certificate for our postfix host I hope to be able to solve the problem."

Very unlikely. I hate to say this, but I tried for years with self-hosted email and there are always regular occurrences of perfectly legitimate mail getting blocked on IP reputation alone.

You can set ACME to work with DNS if you (quite rightly) don't want to open HTTP from the internet.

Bart...