Include role to deplay certificate for mail

roles/mail/tasks/main.yml

@@ -13,3 +13,9 @@
     owner: root
     group: root
     mode: 0644
+
+- name: Deploy letsencrypt certificate
+  ansible.builtin.include_role:
+    name: deploy_certificate
+  vars:
+    domain: mail.{{ mail_domain }}

roles/mail/templates/main.cf.j2

@@ -11,8 +11,8 @@ readme_directory = no
 compatibility_level = 2
 
 # TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/letsencrypt/live/mail.{{ mail_domain }}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/mail.{{ mail_domain }}/privkey.pem
 smtpd_tls_security_level=may
 
 smtp_tls_CApath=/etc/ssl/certs