Topic: Self-signed cert not working
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have generated a new self-signed cert using the ./tools/generate_ssl_keys.sh shipped with iRedMail. However, after I replace the iRedMail.crt and iRedMail.key files, I am unable to send e-mail and see the following error in /var/log/messages:
Dec 26 07:15:15 mail postfix/smtpd[23729]: warning: TLS library problem: 23729:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48:
I've been searching for a few hours and can't find this same issue. There are a lot of related issues, but nothing that led to a solution.
Postfix's main.cf file hasn't been changed between the two certificates, so I'm guessing that the generate_ssl_keys.sh doesn't do something that the original installation did. Here are the relevant configuration lines from main.cf; again, none of these lines changed between the old cert and the new one.
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail.crt
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/pki/tls/dhparams.pem
Any thoughts on what's going on and how to generate the proper self-signed certificate?
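Added example, not part of the original post or of iRedMail's code: a Python decoder for the OpenSSL error entry in the log line quoted above, showing that it records TLS alert 48 (unknown_ca) read from the peer. It assumes the packed error-code layout of OpenSSL 1.0.x/1.1.x; the function name `decode_tls_problem` is hypothetical.

```python
import re

# Sample input: the log line quoted in the post above.
SAMPLE = ("Dec 26 07:15:15 mail postfix/smtpd[23729]: warning: TLS library problem: "
          "23729:error:14094418:SSL routines:ssl3_read_bytes:"
          "tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48:")

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

# OpenSSL error entry: pid:error:HEXCODE:library:function:reason:file:line:data
ERR_RE = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>[^:]*)")

def decode_tls_problem(log_line):
    """Decode one 'TLS library problem' entry; return None if none is present."""
    m = ERR_RE.search(log_line)
    if m is None:
        return None
    code = int(m["code"], 16)
    # Assumed layout (OpenSSL 1.0.x/1.1.x): 8 bits library, 12 function, 12 reason.
    reason = code & 0xFFF
    out = {"library": code >> 24, "function": m["func"],
           "reason_code": reason, "reason": m["reason"],
           "alert": None, "alert_name": None, "received_from_peer": False}
    # OpenSSL reports an alert sent by the peer as reason 1000 + alert number,
    # raised from the record-reading function (ssl3_read_bytes).
    if reason >= 1000 and m["func"].endswith("read_bytes"):
        out["alert"] = reason - 1000
        out["alert_name"] = ALERTS.get(out["alert"], "other")
        out["received_from_peer"] = True
        # Cross-check against the trailing "SSL alert number N" data field.
        n = re.search(r"alert number (\d+)", m["data"])
        out["consistent"] = n is not None and int(n.group(1)) == out["alert"]
    return out

if __name__ == "__main__":
    # smtpd is the server side, so the peer here is the connecting client.
    for key, value in decode_tls_problem(SAMPLE).items():
        print(f"{key}: {value}")
```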