status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
I tried changing the certificate from the snakeoil to a letsencrypt one acquired via lego (go-acme/lego).
I cannot upload it via the webinterface, and I am not allowed to change the option in the “MTA config file” so I chose to make a symlink for the two files:
doing this it causes the webinterface to give the error:
A problem occurred
Error message:Render queue error in BeginRender[Login]: Error invoking service builder method mitm.djigzo.web.services.SoapModule.buildGlobalPreferencesManagerWS(GlobalPreferencesManagerWSProxyFactory, ApplicationStateManager) (at SoapModule.java:813) (for service 'GlobalPreferencesManagerWS'): org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
Click here to continueContact your administrator if this condition persists
i have no idea where to go from here.
Is there any further documentation on ssl certificates and how to change them manually?
Thanks in advance.
I think this is the same issue that you have, i.e., you changed the default which will then also require TLS when connecting to the back-end (which is not supported).
You need to change the security level only for a specific service.
Thank you Martijn for you answer.
I did not have that line in there. to test I added
smtp_tls_wrappermode = no
no change in behavior. the error still persists.
Nov 6 11:29:06 cipher mail postfix/smtp[2364]: 4SP6qy1tQ4zZcw0: to=<example@mail.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=356, delays=356/0.01/0.04/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
Because you changed the global postfix setting for smtp_tls_security_level it means that it will be used for all smtp connections. What you should do it to only configure this for the smtp service used for outgoing email but not for the smtp connector which sends to the local back-end.