The documentation has outdated configuration options:
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
The Postfix documentation says those two options are legacy and recommends using smtpd_tls_chain_files.
With Postfix ≤ 3.3, even if the key is stored in the same file as the certificate, the file is read twice and a (brief) race condition still exists during key rollover. While Postfix ≥ 3.4 avoids the race when the key and certificate are in the same file, you should use the new “smtpd_tls_chain_files” interface shown above.