MAIL_URL for localhost smtp server and TLS

My MAIL_URL=smtp://
I get the following error when Accounts.sendVerificationEmail() is executed:

May 08 11:36:54 h2 h2o4[1916]: events.js:160
May 08 11:36:54 h2 h2o4[1916]:       throw er; // Unhandled 'error' event
May 08 11:36:54 h2 h2o4[1916]:       ^
May 08 11:36:54 h2 h2o4[1916]: Error: connect ECONNREFUSED
May 08 11:36:54 h2 h2o4[1916]:     at Object.exports._errnoException (util.js:1018:11)
May 08 11:36:54 h2 h2o4[1916]:     at exports._exceptionWithHostPort (util.js:1041:20)
May 08 11:36:54 h2 h2o4[1916]:     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1086:14)

I am using meteor, have signed certificates from letsencrypt and a working postfix smtp server, which successfully sends mail to my gmail account when running:
echo “test” | mail -s “test”

I think it is because I do not supply a username and password. However, the mail server does not require a username/password, because it only accepts mail from clients on the same machine Node/meteor is hosted on the same machine.

I have tried the following as well:
Error: Hostname/IP doesn;t match certificates altnames: :Host: localhost is not in the cert’s altnames:"
Error: Email protocol in $MAIL_URL ( must be ‘smtp’ or ‘smtps’

How should meteor connect/email with a mail server hosted on the same machine?

This is a catch 22 for me.
If I dont use a cert then MAIL_URL=smtp://localhost will work
If I have a cert, then I am forced to specify MAIL_URL with a hostname/IP that matches my cert (ie smtp:// However, I then get the ECONNREFUSED error.

MAIL_URL=smtp:// also gives an ECONNREFUSED error

This is my /etc/postfix/

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3

Any advice?