Actually, I was really hoping for answers, because I'm not using certs yet and know I've got to fix that. Is Let's Encrypt good, other than your current issues? Any place that's free and good (or cheap and perfect)? Rusty Carruth | Customer Support | rusty.carruth@smarth.com | http://www.smarth.com          See the new M4 See us on Storage Search    http://www.storagesearch.com/smart2.html 510-624-5391   | Fax: 480-926-5579   | 1325 N. Fiesta Blvd.  Suite 101 Gilbert, Az. 85233 This email message (and any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -----Original Message----- From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org] On Behalf Of Matt Birkholz Sent: Thursday, April 12, 2018 11:27 AM To: plugaz@codezilla.xyz; Main PLUG discussion list Subject: Re: Let's Encrypt certificates Hi Nathan, Did you get any help with this, or figure it out yourself by now? I have been doing similar things on a CoxBusiness static IP for years, so maybe I can help. (Also Mike's latest silliness makes me wish for more erudite discussions on PLUG. Smart questions going unanswered only makes it worse? :-) I included a couple quick "reactions" to your email (below) but maybe this is moot now, a week on. -Matt On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote: > Hey all, > > I use Let's Encrypt on my web server, and I use the same certificate for > my postfix and dovecot services. Today I realized that my phone has not > alerted me to new messages. I logged into my webmail via Firefix (I > don't usually log into webmail until my phone says I have mail) and sure > enough, I had quite a bit of mail, so I opened my BlueMail app and it > will not connect because my certificate cannot be verified. > > Firefox works fine on webmail. > Chrome works fine on webmail. > Postfix, Apache, and Dovecot all operate correctly without warnings. > > Bluemail, Thunderbird, and Kmail all fail to connect because the > certificate cannot be verified. You did not attach the intermediate certificates? > I had to accept the certificate to use it on my phone. Has Let's Encrypt > changed something? Or what? I don't get any errors on my server, dovecot > reports a username of <> during the initial handshake, which I think is > normal, then reports an error only when my phone attempts to connect > which looks like: > > > Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected > (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162, > lip=138.197.192.135, TLS handshaking: SSL_accept() failed: > error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate > unknown: SSL alert number 46, session= > > Best I can tell this is a failure on my server's attempt to verify my > phone's certificate? Your phone has an IMAP client certificate? I missed that part. The error message actually looks like mine when certificates do not validate and clients do not attempt to log in. > Any help would be appreciated. > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss