Using own certificates suboptimal

Issue #607 resolved
Robert Obermeier created an issue

In 21-ssl-certificate.sh there is a logical error.

When there is a /data/ssl/server.crt and server.key but no ca.crt, then it will use those certs and keys for the Haraka server but not for Dovecot.

Dovecot's ssl_ca has a different meaning than you currently have configured it for. Dovecot requires ssl_cert to be the full chain (server-combined).

ssl_ca is used for client certificate verification, which I'm not sure you actually support. Even if you do, that Certificate Authority may not match the CA for the server certificate, especially if you use Let's Encrypt. This means that with the current configuration using Let's Encrypt, they could sign a client certificate to log in as any user on a poste server.

I'm currently read-only mounting the files at the right locations to circumvent this issue.
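
A configuration check for the two points raised in this issue, as an added example that is not part of the original report and is not poste.io code. It assumes a flat Dovecot config of `key = value` lines; the sample files are constructed, and the function names are hypothetical.

```shell
# Added example (not poste.io code): audit Dovecot TLS settings for the ssl_ca misuse above.
# Assumption: settings are flat "key = value" lines; nested blocks are not handled.

# Print the last value assigned to setting $2 in config file $1, comments stripped.
dovecot_setting() {
    sed 's/#.*$//' "$1" | awk -F= -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); found = v }
        END { print found }'
}

# Count certificates in the PEM file named by an ssl_cert value such as "</path/file".
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "${1#<}" 2>/dev/null || true
}

# Return 0 = clean, 1 = chain missing or ssl_ca set but unused, 2 = ssl_ca trusted for client certs.
audit_dovecot_ssl() {
    ca=$(dovecot_setting "$1" ssl_ca)
    verify=$(dovecot_setting "$1" ssl_verify_client_cert)
    cert=$(dovecot_setting "$1" ssl_cert)
    n=$(pem_cert_count "$cert")
    rc=0
    if [ "${n:-0}" -lt 2 ]; then
        echo "WARN: ssl_cert holds ${n:-0} certificate(s); expected the full chain (leaf plus intermediates)"
        rc=1
    fi
    if [ -n "$ca" ] && [ "$verify" = "yes" ]; then
        echo "RISK: client certificates signed by $ca are accepted; use a private CA, not the server's public CA"
        rc=2
    elif [ -n "$ca" ]; then
        echo "WARN: ssl_ca is set but ssl_verify_client_cert is not yes; it does not supply the server chain"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: full chain in ssl_cert, no client CA trusted"
    return "$rc"
}

# Constructed sample: one placeholder certificate in ssl_cert and a CA file wired into ssl_ca.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$d/server.crt"
    printf 'ssl_cert = <%s\nssl_key = <%s\nssl_ca = <%s  # constructed\nssl_verify_client_cert = yes\n' \
        "$d/server.crt" "$d/server.key" "$d/ca.crt" > "$d/dovecot.conf"
    audit_dovecot_ssl "$d/dovecot.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```
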
