I had to get into this way back in '09 to install some 'real' SSL certificates. I've forgotten what I was doing then, and maybe my filenames are different to the perfect setup because of my custom work. But the problem with the shutdown was the .pem file, so check it.
I suggest you do have a .pem file somewhere; perhaps it is here:
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
Locate the .pem file and try what I suggested above to check it.
And I note that I made an error in my post above.
To create the .pem file you should use this to combine the .key and .crt:
cat smtpd.key smtpd.crt > smtpd.pem
openssl gendh >> smtpd.pem
I'm not an expert, just persistent, and so that's as far as I can help you. Good luck.
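
Added example, not part of the original post: a structural check for a combined file built with the `cat` and `openssl gendh` commands above. It confirms that a private key, a certificate and a DH PARAMETERS block are each present and well-formed, and flags the fused marker line that `cat` produces when the first file has no trailing newline. The name `lint_pem` and the sample blocks are constructed for illustration; the check is structural only and does not verify that the key matches the certificate.

```python
import base64
import re

# Assumption: the key is PKCS#1 ("RSA PRIVATE KEY") or PKCS#8 ("PRIVATE KEY").
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}
MARKER = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def lint_pem(text):
    """Return (labels, problems) for a key + cert + DH bundle."""
    labels, problems, current, body = [], [], None, []
    for n, line in enumerate(text.splitlines(), 1):
        marks = MARKER.findall(line)
        if len(marks) > 1:  # what `cat a b` gives when a lacks a final newline
            problems.append(f"line {n}: two PEM markers fused on one line")
        if not marks:
            if current:
                body.append(line.strip())
            continue
        kind, label = marks[0]
        if kind == "BEGIN":
            if current:
                problems.append(f"line {n}: BEGIN inside unterminated {current}")
            current, body = label, []
        elif label != current:
            problems.append(f"line {n}: END {label} without matching BEGIN")
            current = None
        else:
            try:  # the body between the markers must be strict base64
                base64.b64decode("".join(body), validate=True)
                labels.append(label)
            except ValueError:
                problems.append(f"line {n}: {label} body is not valid base64")
            current = None
    if current:
        problems.append(f"unterminated block: {current}")
    if not KEY_LABELS & set(labels):
        problems.append("no private key block")
    for needed in ("CERTIFICATE", "DH PARAMETERS"):
        if needed not in labels:
            problems.append(f"no {needed} block")
    return labels, problems

def _block(label, payload):  # constructed placeholder, not real key material
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

KEY, CRT, DH = (_block(l, b"constructed") for l in
                ("RSA PRIVATE KEY", "CERTIFICATE", "DH PARAMETERS"))
GOOD = KEY + CRT + DH
FUSED = KEY.rstrip("\n") + CRT + DH  # key file had no trailing newline
```

To check a real file, pass its contents: `lint_pem(open("smtpd.pem").read())`. An empty problems list means the three blocks are present and intact.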