From owner-freebsd-questions@freebsd.org  Thu Apr  5 02:27:31 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FFC0F8BB42
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu,  5 Apr 2018 02:27:31 +0000 (UTC)
 (envelope-from freebsd@dreamchaser.org)
Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (Client CN "nightmare.dreamchaser.org",
 Issuer "nightmare.dreamchaser.org" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 85CAF81284
 for <freebsd-questions@freebsd.org>; Thu,  5 Apr 2018 02:27:30 +0000 (UTC)
 (envelope-from freebsd@dreamchaser.org)
Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122])
 by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id w352RSP9064707
 for <freebsd-questions@freebsd.org>; Wed, 4 Apr 2018 20:27:28 -0600 (MDT)
 (envelope-from freebsd@dreamchaser.org)
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Reply-To: freebsd@dreamchaser.org
From: Gary Aitken <freebsd@dreamchaser.org>
Subject: sendmail certs -- which letsencrypt cert to use for ca
Message-ID: <655c9be3-ece7-eeab-300f-56be88c3267f@dreamchaser.org>
Date: Wed, 4 Apr 2018 20:26:47 -0600
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 02:27:31 -0000

I'm wanting to switch the self-certified certs generated by sendmail
when it first starts over to ones certified via letsencrypt.
Letsencrypt generates four files:
   cert.pem, privkey,pem, chain.pem and fullchain.pem
As I understand it, chain.pem contains intermediates, and fullchain
contains the main cert + intermediates.
Sendmail's generated certs consist of a cert, a privkey, and a CA.
Which of chain.pem or fullchain.pem should be used for the CA, or
will either work?

Thanks,

Gary