It’s missing the paths to the certs. That much I can tell by looking at it. But Postfix is not my strongest skill, so let someone smarter than me confirm that and help you fix it.
They were already there, presumably created either by default or by Virtualmin.
Postfix itself was installed by Virtualmin, presumably from the Rocky Linux repo, and I haven’t touched it. When I have in the past it’s typically led to all-nighters fixing the stuff I broke; so I pretty much leave it alone nowadays as long as it’s working.
Personally, I would back up main.cf, make sure the cert files are where Postfix / Virtualmin expect them to be, add the entries, restart Postfix, and see what happens.
I’m not saying that’s the right thing to do. It’s just what I’d try next being a relative neophyte when it comes to Postfix. If someone with more expertise chimes in, ignore everything I’ve said.
Thanks for this - it looks like the SSL files are in the pki directory. Would you mind posting your etc/postfix/main.cf so i can see if there are any other parameters im missing/need changing. I’m just wondering if i need all of the lines listed here:
DNS is correct, the latest version of postfix supports SNI so i should be able to use mail.domain.tld for all my domains/servers.
Using file manager looking at etc/pki/tls/certs there is no postfix.pem and no postfix.key in private. There is ca-bundle.crt and ca-bundle.trust.crt in etc/pki/tls/certs