CentOS7.9 ; Let's Encrypt , WEB・Mail SSL化

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):[E-mail address]
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
(Y)es/(N)o: y

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
(Y)es/(N)o: y
Account registered.
Requesting a certificate for cent.korodes.com
Performing the following challenges:
http-01 challenge for cent.korodes.com
Using the webroot path /var/www/html/cent.korodes.com for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Subscribe to the EFF mailing list (email: mhori@hera.eonet.ne.jp).
Starting new HTTPS connection (1): supporters.eff.org
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

IMPORTANT NOTES:
-Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cent.korodes.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cent.korodes.com/privkey.pem
Your certificate will expire on 2023-05-18. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew all of your
certificates, run "certbot renew"
-If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for mail.korodes.com
Performing the following challenges:
http-01 challenge for mail.korodes.com
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
-Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.korodes.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.korodes.com/privkey.pem
Your certificate will expire on 2023-05-18. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew all of your
certificates, run "certbot renew"
-If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

● 最終行に追記
smtpd_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.<domain name>/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.<domain name>/privkey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

● 16-19行目 : コメント解除
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
● 26-29行目 : コメント解除
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes