Well, yes. Setting up mail software (or networking for that matter, e.g. NAT portmaps) in general is NOT the scope of this Community, as I said before. We can't dive into the TLS part of setting up Postfix, without Postfix being properly set up. I assume you want your Postfix to be reachable from the public internet. And the volunteers of this Community need to be able to test your Postfix from the public internet to debug the TLS part of it.
But BEFOREwe can get to that TLS part, YOU need to make sure Postfix is working correctly. And you can call that "leaving [you] to go find out why", but that's indeed the gist of it. Because "finding out why" is NOT the scope of this Let's Encrypt Community. This is NOT the "Postfix Community" or "Postfix support channel".