Update mailserver role to use LE certificate

roles/mailserver/tasks/dovecot.yml

@@ -38,10 +38,13 @@
     - 10-auth.conf
     - 10-mail.conf
     - 10-master.conf
-    - 10-ssl.conf
     - auth-sql.conf.ext
   notify: restart dovecot
 
+- name: Template 10-ssl.conf
+  template: src=etc_dovecot_conf.d_10-ssl.conf.j2 dest=/etc/dovecot/conf.d/10-ssl.conf
+  notify: restart dovecot
+
 - name: Template 15-lda.conf
   template: src=etc_dovecot_conf.d_15-lda.conf.j2 dest=/etc/dovecot/conf.d/15-lda.conf
   notify: restart dovecot

roles/mailserver/files/etc_dovecot_conf.d_10-ssl.conf → roles/mailserver/templates/etc_dovecot_conf.d_10-ssl.conf.j2

@@ -9,8 +9,8 @@ ssl = required
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/wildcard_combined.pem
-ssl_key = </etc/ssl/private/wildcard_private.key
+ssl_cert = </etc/letsencrypt/live/{{ domain }}/fullchain.pem
+ssl_key = </etc/letsencrypt/live/{{ domain }}/privkey.pem
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often

roles/mailserver/templates/etc_postfix_main.cf.j2

@@ -40,8 +40,8 @@ smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
 smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_protocols = !SSLv2,!SSLv3
-smtpd_tls_cert_file=/etc/ssl/certs/wildcard_combined.pem
-smtpd_tls_key_file=/etc/ssl/private/wildcard_private.key
+smtpd_tls_cert_file=/etc/letsencrypt/live/{{ domain }}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/{{ domain }}/privkey.pem
 smtpd_use_tls=yes
 smtpd_tls_auth_only = yes
 smtp_tls_security_level = may