The certs are actually already inside the chroot, all in one big file “/var/spool/postfix/etc/ssl/certs/ca-certificates.crt”, all we have to do is tell Postfix to look there, which can be done by adding the following to “/etc/postfix/main.cf”:
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Restart Postfix and problem is solved. Yay.
