I have the same configuration as you. But in addition to
smtpd_tls_CAfile=/etc/postfix/cacert.pem
I also have in my postfix's main.cf:
smtp_tls_CAfile=/etc/postfix/cacert.pem
Try adding this extra line. You might need to add it as part of this block:
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
