使用 letsencypt 和 exim4 配置 TLS 时出现问题

我正在使用 letsencrypt，并已在 exim4 中设置配置以查看我的 letsencrypt 目录，但仍然收到错误

454 TLS 当前不可用

我的exim4.conf：

https://dpaste.com/CJXQZDTH9

完整错误：

openssl s_client -debug -starttls smtp -crlf -connect localhost:25

CONNECTED(00000003)
read from 0x637bb7d38890 [0x637bb7e08a00] (4096 bytes => 82 (0x52))
0000 - 32 32 30 20 65 6d 61 69-6c 2e 6e 79 63 74 65 6c   220 email.domain
0010 - 65 63 6f 6d 6d 2e 63 6f-6d 20 45 53 4d 54 50 20   .com ESMTP 
0020 - 45 78 69 6d 20 34 2e 39-36 20 55 62 75 6e 74 75   Exim 4.96 Ubuntu
0030 - 20 54 68 75 2c 20 30 34-20 41 70 72 20 32 30 32    Thu, 04 Apr 202
0040 - 34 20 30 37 3a 33 32 3a-31 35 20 2b 30 30 30 30   4 07:32:15 +0000
0050 - 0d 0a                                             ..
write to 0x637bb7d38890 [0x637bb7e0a500] (23 bytes => 23 (0x17))
0000 - 45 48 4c 4f 20 6d 61 69-6c 2e 65 78 61 6d 70 6c   EHLO mail.exampl
0010 - 65 2e 63 6f 6d 0d 0a                              e.com..
read from 0x637bb7d38890 [0x637bb7e08a00] (4096 bytes => 170 (0xAA))
0000 - 32 35 30 2d 65 6d 61 69-6c 2e 6e 79 63 74 65 6c   250-email.domain
0010 - 65 63 6f 6d 6d 2e 63 6f-6d 20 48 65 6c 6c 6f 20   .com Hello 
0020 - 6d 61 69 6c 2e 65 78 61-6d 70 6c 65 2e 63 6f 6d   mail.example.com
0030 - 20 5b 3a 3a 31 5d 0d 0a-32 35 30 2d 53 49 5a 45    [::1]..250-SIZE
0040 - 20 35 32 34 32 38 38 30-30 0d 0a 32 35 30 2d 38    52428800..250-8
0050 - 42 49 54 4d 49 4d 45 0d-0a 32 35 30 2d 50 49 50   BITMIME..250-PIP
0060 - 45 4c 49 4e 49 4e 47 0d-0a 32 35 30 2d 50 49 50   ELINING..250-PIP
0070 - 45 43 4f 4e 4e 45 43 54-0d 0a 32 35 30 2d 43 48   ECONNECT..250-CH
0080 - 55 4e 4b 49 4e 47 0d 0a-32 35 30 2d 53 54 41 52   UNKING..250-STAR
0090 - 54 54 4c 53 0d 0a 32 35-30 2d 50 52 44 52 0d 0a   TTLS..250-PRDR..
00a0 - 32 35 30 20 48 45 4c 50-0d 0a                     250 HELP..
write to 0x637bb7d38890 [0x7ffc1e20bb10] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x637bb7d38890 [0x637bb7cf42c0] (8192 bytes => 31 (0x1F))
0000 - 34 35 34 20 54 4c 53 20-63 75 72 72 65 6e 74 6c   454 TLS currentl
0010 - 79 20 75 6e 61 76 61 69-6c 61 62 6c 65 0d 0a      y unavailable..
write to 0x637bb7d38890 [0x637bb7e17c80] (293 bytes => 293 (0x125))
0000 - 16 03 01 01 20 01 00 01-1c 03 03 21 b5 aa 72 17   .... ......!..r.
0010 - 77 fa f5 c2 8c bf ea 55-a3 44 fe 21 ae a5 28 be   w......U.D.!..(.
0020 - a4 f3 9d 28 e1 e3 26 12-df f7 57 20 7f be 20 1b   ...(..&...W .. .
0030 - fc c9 9e 6a 5b 6c c8 cc-62 3e ec df 6c 12 3e 8f   ...j[l..b>..l.>.
0040 - 9e 4f d5 f3 0b f9 8e 4b-d2 cd bd 88 00 3e 13 02   .O.....K.....>..
0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa   .....,.0........
0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27   .+./...$.(.k.#.'
0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d   .g.....9.....3..
0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 95   ...=.<.5./......
0090 - 00 0b 00 04 03 00 01 02-00 0a 00 16 00 14 00 1d   ................
00a0 - 00 17 00 1e 00 19 00 18-01 00 01 01 01 02 01 03   ................
00b0 - 01 04 00 23 00 00 00 16-00 00 00 17 00 00 00 0d   ...#............
00c0 - 00 2a 00 28 04 03 05 03-06 03 08 07 08 08 08 09   .*.(............
00d0 - 08 0a 08 0b 08 04 08 05-08 06 04 01 05 01 06 01   ................
00e0 - 03 03 03 01 03 02 04 02-05 02 06 02 00 2b 00 05   .............+..
00f0 - 04 03 04 03 03 00 2d 00-02 01 01 00 33 00 26 00   ......-.....3.&.
0100 - 24 00 1d 00 20 c4 bf 98-12 89 b8 ea bf 46 e0 76   $... ........F.v
0110 - 2e 37 cb a9 bd 77 bc 38-5b a9 ea f1 14 c6 aa 7d   .7...w.8[......}
0120 - 06 16 97 35 22                                    ...5"
read from 0x637bb7d38890 [0x637bb7e0fa63] (5 bytes => 5 (0x5))
0000 - 35 30 31 20 4e                                    501 N
40D7B7678A700000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 288 bytes and written 326 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x637bb7d38890 [0x637bb7cf42c0] (8192 bytes => 154 (0x9A))
0000 - 55 4c 20 63 68 61 72 61-63 74 65 72 73 20 61 72   UL characters ar
0010 - 65 20 6e 6f 74 20 61 6c-6c 6f 77 65 64 20 69 6e   e not allowed in
0020 - 20 53 4d 54 50 20 63 6f-6d 6d 61 6e 64 73 0d 0a    SMTP commands..
0030 - 35 30 31 20 4e 55 4c 20-63 68 61 72 61 63 74 65   501 NUL characte
0040 - 72 73 20 61 72 65 20 6e-6f 74 20 61 6c 6c 6f 77   rs are not allow
0050 - 65 64 20 69 6e 20 53 4d-54 50 20 63 6f 6d 6d 61   ed in SMTP comma
0060 - 6e 64 73 0d 0a 35 30 31-20 4e 55 4c 20 63 68 61   nds..501 NUL cha
0070 - 72 61 63 74 65 72 73 20-61 72 65 20 6e 6f 74 20   racters are not 
0080 - 61 6c 6c 6f 77 65 64 20-69 6e 20 53 4d 54 50 20   allowed in SMTP 
0090 - 63 6f 6d 6d 61 6e 64 73-0d 0a                     commands..
read from 0x637bb7d38890 [0x637bb7cf42c0] (8192 bytes => 49 (0x31))
0000 - 34 32 31 20 65 6d 61 69-6c 2e 6e 79 63 74 65 6c   421 email.domain
0010 - 65 63 6f 6d 6d 2e 63 6f-6d 20 6c 6f 73 74 20 69   .com lost input
0020 - 6e 70 75 74 20 63 6f 6e-6e 65 63 74 69 6f 6e 0d   connection.
0030 - 0a                                                .
read from 0x637bb7d38890 [0x637bb7cf42c0] (8192 bytes => 0)

如何配置 exim4 以与 letsencrypt 配合使用？我在发布之前确实查看过，没有找到与 letsencypt 相关的任何内容。