diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix
index 8c712d7..ac1c04a 100644
--- a/hosts/falkenstein/modules/mail/postfix.nix
+++ b/hosts/falkenstein/modules/mail/postfix.nix
@@ -33,12 +33,14 @@ in
       origin = "${domain}";
       destination = [ "${hostname}" "${domain}" "localhost" ];
       networks = [ "127.0.0.1" ];
-      sslCert = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.crt";
-      sslKey = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.key";
       config = {
         # home_mailbox = "Maildir/";
         smtp_helo_name = config.networking.fqdn;
         smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
+        smtpd_tls_chain_files = [
+          "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.key"
+          "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.crt"
+        ];
         smtp_tls_security_level = "may";
         # forcing encryption breaks rspamd
         smtpd_tls_security_level = "may";