{"id":3079,"date":"2026-02-04T22:00:53","date_gmt":"2026-02-04T13:00:53","guid":{"rendered":"https:\/\/www.next-hop.net\/blog\/hiraga\/?p=3079"},"modified":"2026-02-25T02:00:44","modified_gmt":"2026-02-24T17:00:44","slug":"sendmail-letsencrypt","status":"publish","type":"post","link":"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/sendmail-letsencrypt\/","title":{"rendered":"Sendmail\u3067Let&#8217;s Encrypt\u306e\u8a3c\u660e\u66f8\u3092\u4f7f\u3046"},"content":{"rendered":"<p>Sendmail\u306f\u6b74\u53f2\u7684\u7406\u7531\u3068\u5f8c\u65b9\u4e92\u63db\u6027\u306e\u554f\u984c\u3067\u8a3c\u660e\u66f8\u306e\u6271\u3044\u65b9\u304c\u3061\u3087\u3063\u3068\u4eca\u98a8\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002<br \/>\nfullchain.pem\u3092\u4f7f\u7528\u3057\u3066\u3082\u8a3c\u660e\u66f8\u3092\u8fbf\u308c\u306a\u3044\u554f\u984c\u304c\u767a\u751f\u3057\u3001openssl s_client\u3067\u898b\u308b\u3068<br \/>\nVerify return code: 21 (unable to verify the first certificate)<br \/>\n\u3068\u3044\u3046\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u3066\u3057\u307e\u3044\u307e\u3059\u3002<br \/>\n\u5f93\u3063\u3066\u3001\u30eb\u30fc\u30c8CA\u8a3c\u660e\u66f8\u306bchain.pem\u3092\u8ffd\u52a0\u3059\u308b\u3053\u3068\u3067\u8a3c\u660e\u66f8\u3092\u8fbf\u308c\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n<h2>\u524d\u63d0<\/h2>\n<ul>\n<li>FreeBSD 13.5<\/li>\n<li>Sendmail 8.18<\/li>\n<li><a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a>\u306b\u3088\u308b\u8a3c\u660e\u66f8\u53d6\u5f97\u6e08\u307f<\/li>\n<li>Ansible 2.18<\/li>\n<\/ul>\n<h2>Ansible\u30b3\u30fc\u30c9<\/h2>\n<h4>roles\/freebsd\/tasks\/sendmail.yaml<\/h4>\n<pre class=\"brush: yaml; title: ; notranslate\" title=\"\">\r\n- name: Ensure certificate directory\r\n  file:\r\n    path: \/etc\/mail\/certs\r\n    state: directory\r\n    owner: root\r\n    group: wheel\r\n    mode: &quot;0755&quot;\r\n\r\n- name: Copy CA certificate\r\n  copy:\r\n    src: \/etc\/ssl\/cert.pem\r\n    dest: \/etc\/mail\/certs\/cacert.pem\r\n    remote_src: true\r\n    owner: root\r\n    group: wheel\r\n    mode: &quot;0644&quot;\r\n  notify:\r\n    restart_sendmail\r\n\r\n- name: Read Let&#039;s Encrypt chain.pem\r\n  slurp:\r\n    src: &quot;\/usr\/local\/etc\/letsencrypt\/live\/{{ inventory_hostname }}\/chain.pem&quot;\r\n  register: le_chain\r\n\r\n- name: Append chain.pem to cacert.pem\r\n  blockinfile:\r\n    path: \/etc\/mail\/certs\/cacert.pem\r\n    block: &quot;{{ le_chain.content | b64decode }}&quot;\r\n    marker: &quot;# {mark} ANSIBLE MANAGED LETSENCRYPT CHAIN&quot;\r\n  notify:\r\n    restart_sendmail\r\n\r\n- name: Copy host certificate\r\n  copy:\r\n    src: \/usr\/local\/etc\/letsencrypt\/live\/{{ inventory_hostname }}\/cert.pem\r\n    dest: \/etc\/mail\/certs\/host.cert\r\n    remote_src: true\r\n    owner: root\r\n    group: wheel\r\n    mode: &quot;0644&quot;\r\n  notify:\r\n    restart_sendmail\r\n\r\n- name: Copy host key\r\n  copy:\r\n    src: \/usr\/local\/etc\/letsencrypt\/live\/{{ inventory_hostname }}\/privkey.pem\r\n    dest: \/etc\/mail\/certs\/host.key\r\n    remote_src: true\r\n    owner: root\r\n    group: wheel\r\n    mode: &quot;0600&quot;\r\n  notify:\r\n    restart_sendmail\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Sendmail\u306f\u6b74\u53f2\u7684\u7406\u7531\u3068\u5f8c\u65b9\u4e92\u63db\u6027\u306e\u554f\u984c\u3067\u8a3c\u660e\u66f8\u306e\u6271\u3044\u65b9\u304c\u3061\u3087\u3063\u3068\u4eca\u98a8\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 fullchain.pem\u3092\u4f7f\u7528\u3057\u3066\u3082\u8a3c\u660e\u66f8\u3092\u8fbf\u308c\u306a\u3044\u554f\u984c\u304c\u767a\u751f\u3057\u3001openssl s_client\u3067\u898b\u308b\u3068 Verify r\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/sendmail-letsencrypt\/\">\u7d9a\u304d\u3092\u8aad\u3080 &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3079","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/3079"}],"collection":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/comments?post=3079"}],"version-history":[{"count":5,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/3079\/revisions"}],"predecessor-version":[{"id":3138,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/3079\/revisions\/3138"}],"wp:attachment":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/media?parent=3079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/categories?post=3079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/tags?post=3079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}