Step 5: Create a new file in /etc/postfix with the name of vmail_ssl.map
- sudo touch /etc/postfix/vmail_ssl.map
Step 6: Edit the file to add your domain’s SSL certificates to the list like this
- mail.yourprimarymailserverdomain.com /etc/letsencrypt/live/mail.yourprimarymailserverdomain.com/privkey.pem /etc/letsencrypt/live/mail.yourprimarymailserverdomain.com/fullchain.pem
Step 7 (Optional): If you have more than one domain to be supported add all of them one per line. The resulting file should look like this
- # Compile with postmap -F hash:/etc/postfix/vmail_ssl.map when updating
- # One host per line
- mail.yourprimarymailserverdomain.com /etc/letsencrypt/live/mail.yourprimarymailserverdomain.com/privkey.pem /etc/letsencrypt/live/mail.yourprimarymailserverdomain.com/fullchain.pem
- mail.yoursecondarymailserverdomain.com /etc/letsencrypt/live/mail.yoursecondarymailserverdomain.com/privkey.pem /etc/letsencrypt/live/mail.yoursecondarymailserverdomain.com/fullchain.pem
- # add more domains with keys and certs as needed
Step 8: Open /etc/dovecot/dovecot.conf
- sudo nano /etc/dovecot/dovecot.conf
Step 9: Append the following to the end of the file, replace domain.com with your own domain
- local_name mail.domain.com {
- ssl_cert = </etc/letsencrypt/live/mail.domain.com/fullchain.pem
- ssl_key = </etc/letsencrypt/live/mail.domain.com/privkey.pem
- }
Step 10: Re-compile postmap with SNI using the following command
- postmap -F hash:/etc/postfix/vmail_ssl.map
Step 11: Restart Postfix.
- systemctl restart postfix
Step 12: Restart Dovecot
- systemctl restart dovecot
Connect again using a mail client and you should not see the error.