From bb4117f666ed9f996eaae33d125f52ef45ed6349 Mon Sep 17 00:00:00 2001
From: System administrator
Date: Tue, 1 Dec 2020 11:45:03 +0100
Subject: expose TLS certificate and private key paths separately

To avoid assuming the file names under a directory.
---
 conf.d/010_main.conf | 4 ++--
 exim.conf            | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf
index b04e9f5..3162f62 100644
--- a/conf.d/010_main.conf
+++ b/conf.d/010_main.conf
@@ -56,8 +56,8 @@ tls_advertise_hosts = *
 # need the first setting, or in separate files, in which case you need both
 # options.
 
-tls_certificate = CERTDIR/$primary_hostname.crt
-tls_privatekey = CERTDIR/$primary_hostname.pem
+tls_certificate = TLS_CERTIFICATE_FILE
+tls_privatekey = TLS_PRIVATE_KEY_FILE
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
diff --git a/exim.conf b/exim.conf
index 678be1e..3558007 100644
--- a/exim.conf
+++ b/exim.conf
@@ -37,10 +37,11 @@
 
 
 CONFDIR = /etc/exim
-
-CERTDIR = /etc/mail/ssl
 DKIMDIR = /etc/mail/dkim
 
+TLS_CERTIFICATE_FILE = /etc/keyring/exim.crt
+TLS_PRIVATE_KEY_FILE = /etc/keyring/exim.pem
+
 USERLIST = /etc/mail/list.d/users.list
 #ENABLE_PAM_AUTH = yes
 #DOVECOT_AUTH_SOCKET = /var/run/dovecot/auth-client
-- 
cgit v1.2.3