為什麼 exim 從同一個文件中讀取證書和密鑰？

我通過將這些字元串添加到01_exim4-config_listmacrosdefs. 我使用拆分配置

MAIN_TLS_ENABLE = yes
MAIN_TLS_CERTKEY = /etc/exim4/example.com.crt
MAIN_TLS_PRIVATEKEY = /etc/exim4/example.com.key

所以重新啟動後，連接到埠 465，輸入EHLO，STARTTLS我得到了這個：454 TLS currently unavailable

在日誌中我有這個：

13:29:36 10872 SMTP<< STARTTLS
13:29:36 10872 initialising GnuTLS as a server
13:29:36 10872 GnuTLS global init required.
13:29:36 10872 initialising GnuTLS server session
13:29:36 10872 Expanding various TLS configuration options for session credentials.
13:29:36 10872 certificate file = /etc/exim4/example.com.crt
13:29:36 10872 key file = /etc/exim4/example.com.crt
13:29:36 10872 LOG: MAIN
13:29:36 10872   TLS error on connection from (192.168.1.111) [91.210.44.50] (cert/key setup: cert=/etc/exim4/example.com.crt key=/etc/exim4/example.com.crt): Error in parsing.

為什麼 exim 對證書和密鑰使用相同的文件？怎麼修？

我應該使用MAIN_TLS_CERTIFICATE而不是MAIN_TLS_CERTKEY.

@chicks 如果伺服器故障允許我，我會投票。

仍然吸引人（即兩年後的我）。

從技術上講，conf.d/main/03_exim4-config_tlsoptions如果您在同一個文件中擁有證書和密鑰，則使用MAIN_TLS_CERTKEY. 這是不好的做法，但允許。

#   MAIN_TLS_CERTIFICATE - path to certificate file,
#                          CONFDIR/exim.crt if unset
#   MAIN_TLS_PRIVATEKEY  - path to private key file
#                          CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.

我掩飾了這一點，直接進入了ifdef陳述。其中第一個是：

.ifdef MAIN_TLS_CERTKEY

我完全錯過了這.else部分：

.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

TL;DR：是的，設置MAIN_TLS_CERTIFICATE而不是MAIN_TLS_CERTKEY.

引用自：https://serverfault.com/questions/797873