New SSL Cert now showing up for Postfix in browser (Ubuntu, Namecheap)

Question

I'm a newbie trying to wing it after our Sys Admin left. I needed to update our wildcard certificate and copy it onto our mail server.

I renewed the cert at Namecheap, downloaded it, and installed it on our webservers. Everything is showing up fine in a browser for websites. However, when navigating to the browser portal of our mail server, it is still showing the old cert. I have restarted Postfix, but nothing has changed.

In my /etc/postfix/main.cf:

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/wc2_mydomain.com.combined.crt
smtpd_tls_key_file = /etc/ssl/private/wc2_mydomain.com.key
smtpd_use_tls=yes

However, in the browser, it still shows the old expiration date even after postfix reload (it should be 2022):

Issued On   Wednesday, February 20, 2019 at 6:00:00 PM
Expires On  Saturday, February 20, 2021 at 5:59:59 PM

What am I missing? It's going to be very bad if this doesn't show up correctly come Saturday at 6:00pm.

Answer 1

I figured it out. I was on the right track. My /etc/ssl/certs/wc2_mydomain.com.combined.crt file was simply out of order. I discovered the correct order in this article (at the bottom)

It states:

and the correct way is this:

SSLCertificateFile /etc/apache2/ssl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCACertificateFile /etc/apache2/ssl/intermediate.crt

I simply had my certs out of order! :D My browser interface works, and the cert shows expiring 2022. Thanks for the nudges in the right direction friends. Another crisis averted.