Home / server / Questions / 1151325
Accepted
Esa Jokinen
Asked: 2024-01-12 01:15:52 +0800 CST

How to get both ECC & RSA certificates from Let's Encrypt for Postfix?

  • 772

Let's Encrypt has started issuing ECC certificates by default since Certbot 2.0. This is not a problem for modern web browsers, but Let's Encrypt certificates can be used for other purposes than HTTPS, too. Namely, some SMTP servers do not support ECC certificates, yet. If such server tries to establish STARTTLS connection with Postfix that uses ECC certificates it fails.

The logs indicate there are no shared cipher despite, e.g., Wireshark shows the Client Hello in the TLS handshake clearly has common ciphers with the list configured via smtpd_tls_mandatory_ciphers = medium.

postfix/smtpd[1337]: connect from mail.example.net[198.51.100.1]
postfix/smtpd[1337]: SSL_accept error from mail.example.net[198.51.100.1]: -1
postfix/smtpd[1337]: warning: TLS library problem: error:0A0000C1:SSL routines::no shared cipher:../ssl/statem/statem_srvr.c:2220:
postfix/smtpd[1337]: lost connection after STARTTLS from mail.example.net[198.51.100.1]
postfix/smtpd[1337]: disconnect from mail.example.net[198.51.100.1] ehlo=1 starttls=0/1 commands=1/2

The problem is caused by the type of certificate. Is it possible to get both ECC & RSA certificates from Let's Encrypt using Certbot? How to configure Postfix to use them both at the same time?

ssl

1 Answers

  1. Best Answer

    Additional RSA certificate from Let's Encrypt (Certbot)

    There are some answers with solutions that require custom scripting. This solution relies entirely on the Certbot configuration. The following assumptions are made. If these differs in your setup, alter the instructions for your needs.

    • There is a ECC certificate configured for mail.example.com using that as the certificate name (--cert-name); renewal configured in /etc/letsencrypt/renewal/mail.example.com.conf etc.

    • The defaults for Certbot are configured via configuration file /etc/letsencrypt/cli.ini. This example uses ECC certificates with a stronger secp384r1 curve (default secp256r1) and increased RSA key size 4096 (default 2048) as well as a pre-configured authenticator:

      # Because we are using logrotate for greater flexibility, disable the
# internal certbot logrotation.
max-log-backups = 0

# Use ECC for the private key
key-type = ecdsa
elliptic-curve = secp384r1

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Use webroot authenticator; common webroot for all sites
authenticator = webroot
webroot-path = /var/www/letsencrypt

    You could replicate the cli.ini file with the RSA key type using:

    sed -E 's/key-type.?=.?ecdsa/key-type = rsa/' /etc/letsencrypt/cli.ini \
  | sed 's/^# Use ECC/# Use RSA/' \
  | sudo tee /etc/letsencrypt/cli-rsa.ini

    The key setting is key-type = rsa. The file is replicated so that this does not change the default configuration for all new certificates. In this example, the command creates cli-rsa.ini having:

    # Because we are using logrotate for greater flexibility, disable the
# internal certbot logrotation.
max-log-backups = 0

# Use RSA for the private key
key-type = rsa
elliptic-curve = secp384r1

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Use webroot authenticator; common webroot for all sites
authenticator = webroot
webroot-path = /var/www/letsencrypt

    You can use the configuration file for requesting another certificate for the mail.example.com. The --cert-name has to be different from the ECC certificate as we are requesting an additional RSA certificate instead of replacing the current one. E.g.,

    sudo certbot certonly \
  --cert-name mail.example.com-rsa \
  -d mail.example.com \
  -c /etc/letsencrypt/cli-rsa.ini

    If your renewal method is configured correctly you should get:

    Requesting a certificate for mail.example.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail.example.com-rsa/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/mail.example.com-rsa/privkey.pem

    You will need these paths in the Postfix configuration.

    Multiple certificates in Postfix

    With Postfix TLS Support you can configure multiple certificates at the same time. Since Postfix 3.4 it has been recommended to use the smtpd_tls_chain_files parameter (instead of the legacy smtpd_tls_cert_file & smtpd_tls_key_file for RSA & smtpd_tls_eccert_file & smtpd_tls_eckey_file for ECDSA).

    It is worth to note that:

    You can also store the keys separately from their certificates, again provided each is listed before the corresponding certificate chain. Storing a key and its associated certificate chain in separate files is not recommended, because this is prone to race conditions during key rollover, as there is no way to update multiple files atomically.

    However,

    • Certbot stores the key and the chain in separate files.
    • You can configure a --deploy-hook with a script that runs systemctl reload postfix on a successful renewal.

    Example configuration for the main.cf; pay attention to the correct order: each private key before each certificate chain:

    smtpd_tls_chain_files =
    /etc/letsencrypt/live/mail.example.com/privkey.pem,
    /etc/letsencrypt/live/mail.example.com/fullchain.pem,
    /etc/letsencrypt/live/mail.example.com-rsa/privkey.pem,
    /etc/letsencrypt/live/mail.example.com-rsa/fullchain.pem
    • 0