If you receive this kind of error : “certificate verification failed for smtp.sendgrid.net[18.104.22.168]:587: untrusted issuer /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority”
The connection is still encrypted, it’s just that your server doesn’t have the necessary CA (ceritificate authority) certs to confirm that our certificate is valid.
You can download the Godaddy CA bundle from https://certs.godaddy.com/anonymous/repository.pki (grab the one called “gd_bundle-g2-g1.crt”). Save that somewhere on your server, for instance “/etc/postfix/ssl/gd_bundle-g2-g1.crt”. Finally, tell Postfix where to find it by adding or editing the following line in /etc/postfix/ main.cf:
“smtp_tls_CAfile = /etc/postfix/ssl/gd_bundle-g2-g1.crt”
Restart Postfix to make the change take effect.
If the mailserver communicates with more than just us, You’ll want to add the above to your existing CA bundle (frequently called ca-bundle.crt).