SMTP Certificate through GoDaddy:
Run command:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
Submit to GoDaddy domain.csr.
Download from GoDaddy zip file for OTHER server.
The zip file will contain 2 CRT files: something like gd_bundle***.crt and ******.crt
Rename gd_bundle***.crt to just gd_bundle.crt
Rename *****.crt to [domain name].crt
Run command:
cat [domain name].crt gd_bundle.crt > server.pem
Now copy the files to the proper directories:
cp -i domain.key /etc/ssl/private/
cp -i server.pem /etc/ssl/certs/
cp -i [domain name].crt /etc/ssl/certs/
Edit lines in /etc/postfix/main.cf accordingly:
smtpd_tls_CAfile = /etc/ssl/certs/[domain name].crt
smtpd_tls_cert_file = /etc/ssl/certs/server.pem
smtpd_tls_key_file = /etc/ssl/private/domain.key
Restart postfix and possibly saslauthd
To test expiration:
printf 'quit\n' | openssl s_client -connect $SERVERNAME:25 -starttls smtp | openssl x509 -enddate -noout
Replace $SERVERNAME with the server name.