When your issuance email arrives, you will have three certificates in the email - your webserver certificate, the GTE root certificate and a Sectigo intermediate certificate (you will only need your server certificate and the Sectigo intermediate certificate).
Copy the Sectigo intermediate certificate (Sectigo Class 3 Security Services CA)into a text editor such as notepad and save as ca.txt (bundle file).
Copy your web server certificate into a text editor such as notepad, and save as yourdomain.crt.
1. Locate and open the Postfix config file main.cf.
2. Save yourdomain.crt to the same directory as the yourdomain.key file which would have been created when you originally created your CSR. If you are importing an existing certificate, ensure you also import the yourdomain.key file.
3. Save the ca_new.txt (bundle file) to the same directory as yourdomain.crt and yourdomain.crt.
4. In the Postfix TLS settings section, ensure the following directories and file locations are present. You will need to add them if they are not present or if they are different:
smtpd_tls_cert_file = /some/path/yourdomain.crt
smtpd_tls_key_file = /some/path/yourdomain.key
smtpd_tls_CAfile = /some/path/ca.txt (bundle file)
The following settings may be different per server, but be sure that your setup is similar to the following examples:
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_timeout = 3600s