On the new server (Debian) there is Exim 4.94.2 and on the old one there was
Exim 4.89.
I copied files /etc/exim4/exim.crt and /etc/exim4/exim.key from the old
server.
I also tried to understand the old configuration and copy some relevant
settings.
But I got stuck with sending emails via SMTP/STARTTLS.
I was looking into /etc/exim4/exim4.conf.template and there was something
like:
# Full paths to Certificate and Private Key. The Private Key file
# must be kept 'secret' and should be owned by root.Debian-exim mode
# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
# Normally, exim4 looks for certificate and key in different files:
# MAIN_TLS_CERTIFICATE - path to certificate file,
# CONFDIR/exim.crt if unset
# MAIN_TLS_PRIVATEKEY - path to private key file
# CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
So I supposed Exim would automatically use /etc/exim4/exim.crt and
/etc/exim4/exim.key.
But when I was trying to send email by Mozilla Thunderbird via SMTP/STARTTLS
then it was showing me that the server's certificate isn't from our company
but one from Exim Developers and valid only for one hour.
When I tried command "exim4 -bP | grep tls_cert | sort" then I could see
that tls_certificate and tls_privatekey were empty.
I solved it by direct setting below the lines mentioned above: