Postfix certificate verification failed for smtp.gmail.com

I have problem, my email server using postfix with gmail smtp, i use account google apps, but always ask for SASL authentication failed, I sent an email using php script, after I see the error logs in the wrong password, after I open the URL from the browser and no verification postfixnya captcha and could return, but after 2-3 days later happen like that again.

This my config postfix

#myorigin = /etc/mailname

smtpd_banner = Hostingbitnet Mail Server
biff = no
append_dot_mydomain = no
readme_directory = no

myhostname = webmaster.hostingbitnet.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, webmaster.hostingbitnet.com, localhost.localdomain, 103.9.126.163
relayhost = [smtp.googlemail.com]:587
relay_transport = relay
relay_destination_concurrency_limit = 1
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16, 10.0.0.0/8,  103.9.126.0/24

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = smtp

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/google-apps
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sender_dependent_authentication = yes
tls_random_source = dev:/dev/urandom
default_destination_concurrency_limit = 1

smtp_tls_CAfile = /etc/postfix/tls/root.crt
smtp_tls_cert_file = /etc/postfix/tls/cert.pem
smtp_tls_key_file = /etc/postfix/tls/privatekey.pem
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_loglevel = 1

smtpd_tls_CAfile = /etc/postfix/tls/root.crt
smtpd_tls_cert_file = /etc/postfix/tls/cert.pem
smtpd_tls_key_file = /etc/postfix/tls/privatekey.pem
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1

#secure
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before-smtp/hosts,reject_unauth_destination

Log from mail.log

Oct 30 14:51:13 webmaster postfix/smtp[9506]: Untrusted TLS connection established to smtp.gmail.com[74.125.25.109]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Oct 30 14:51:15 webmaster postfix/smtp[9506]: 87E2739400B1: SASL authentication failed; server smtp.gmail.com[74.125.25.109] said: 535-5.7.1 Please log in with your web browser and then try again. Learn more at?535 5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 ix9sm156630pbc.7
Oct 30 14:51:15 webmaster postfix/smtp[9506]: setting up TLS connection to smtp.gmail.com[74.125.25.108]:587
Oct 30 14:51:15 webmaster postfix/smtp[9506]: certificate verification failed for smtp.gmail.com[74.125.25.108]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Oct 30 14:51:16 webmaster postfix/smtp[9506]: Untrusted TLS connection established to smtp.gmail.com[74.125.25.108]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Oct 30 14:51:17 webmaster postfix/smtp[9506]: 87E2739400B1: to=<fantac.y111222@gmail.com>, relay=smtp.gmail.com[74.125.25.108]:587, delay=972, delays=967/0.03/5.5/0, dsn=4.7.1, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.25.108] said: 535-5.7.1 Please log in with your web browser and then try again. Learn more at?535 5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 s1sm3850paz.0)
Oct 30 14:51:17 webmaster postfix/error[9508]: B3960394009D: to=<root@mail.myserver.com>, orig_to=<root>, relay=none, delay=29992, delays=29986/5.6/0/0.07, dsn=4.7.1, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.25.108] said: 535-5.7.1 Please log in with your web browser and then try again. Learn more at?535 5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 s1sm3850paz.0)

BTW I made cert follow the link here http://koti.kapsi.fi/ptk/postfix/postfix-tls-cacert.shtml and it worked, but after 2/3 days my email back to problem invalid SASL, and then i'm required to log in use a browser and enter the captcha there but success log in after input captcha, and my email server can send emails from telnet or php script. but it will be back in trouble after 2/3days later.

My question is how to make it permanent certificate?

Thanks n greeting.