Most of the time Postfix is configured with a self-signed certificate, which works well because MTAs mostly do not require certificate validation. A certificate that validates can still be useful for applications or mailbox users connecting to a central MTA to deliver email.
You can either buy an SSL certificate from your provider or use the free certificates from letsencrypt.org (these need to be renewed every 3 months). In this guide, I will use a Let's Encrypt certificate for my MX host console.postfix.io.
I use the letsencrypt utility to manage certificates for my domains. The command below will generate a standalone certificate for my host.
letsencrypt certonly --standalone -d console.postfix.io
- Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/console.postfix.io/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/console.postfix.io/privkey.pem ...
Replace the following lines:
with the following Let's Encrypt certificate paths:
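As an added example (not the original post's own listing), the change in /etc/postfix/main.cf would look like this, using the certificate and key paths reported by the letsencrypt command above. The commented-out "before" paths (a Debian-style self-signed pair) and the smtpd_tls_security_level line are assumptions.

```ini
# /etc/postfix/main.cf
# Added example. Comments must be on their own lines: Postfix does not
# support trailing comments after a value.

# Before (assumed): distribution-generated self-signed pair.
#smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

# After: Let's Encrypt certificate for console.postfix.io.
# fullchain.pem holds the server certificate followed by the intermediate
# chain, so connecting clients can build a path to a trusted root.
smtpd_tls_cert_file = /etc/letsencrypt/live/console.postfix.io/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/console.postfix.io/privkey.pem

# Assumed: offer STARTTLS to connecting clients without requiring it.
# Without a TLS security level set, the certificate above is never presented.
smtpd_tls_security_level = may
```

Running `postconf -n` after the edit lists the non-default settings Postfix actually parsed, which confirms both paths were picked up before the reload.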
systemctl reload postfix.service
You can verify certificate validation using http://checktls.com/perl/TestService.pl. See the test results below after configuring console.postfix.io.