Enable selecting the TLS Certificate

templates/Fedora/35/etc/postfix/main.cf

@@ -706,13 +706,15 @@ readme_directory = /usr/share/doc/postfix/README_FILES
 # in PEM format. Intermediate certificates should be included in general,
 # the server certificate first, then the issuing CA(s) (bottom-up order).
 #
-smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
+# smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
+smtpd_tls_cert_file = /etc/postfix/certificates/pubcert.pem
 
 # The full pathname of a file with the Postfix SMTP server RSA private key
 # in PEM format. The private key must be accessible without a pass-phrase,
 # i.e. it must not be encrypted.
 #
-smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
+# smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
+smtpd_tls_key_file = /etc/postfix/certificates/privkey.pem
 
 # Announce STARTTLS support to remote SMTP clients, but do not require that
 # clients use TLS encryption (opportunistic TLS inbound).

templates/Fedora/35/usr/lib/systemd/system/postfix-copytls.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Copy TLS Certificates for Postfix
+
+[Service]
+Type=oneshot
+ExecStartPre=mkdir -p /etc/postfix/certificates
+ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ postfix_vhost }}/*.pem /etc/postfix/certificates/'
+ExecStartPost=chown -R root:root /etc/postfix/certificates
+
+[Install]
+WantedBy=postfix.service
+

templates/Fedora/35/usr/lib/systemd/system/postfix-copytls.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Copy TLS Certificates for Postfix
+
+[Timer]
+OnUnitActiveSec=5min
+
+[Install]
+WantedBy=postfix.service
+