-- Sorry as wrong identity and I expect the other to fail, I apologize if you get this twice. Thanks Stephen, this seems to be about the right time, but I think my problems started before this. I have not tried combining the primary chain with the intermediate chain and then making Dovecot use that. I think that is my next step. I just haven't had time to mess with it further since making my phone accept the cert was an easy fix so I could get back to work. On 2018-04-13 15:44, Stephen Partington wrote: > https://www.ssllabs.com/ssltest/analyze.html?d=codezilla.xyz > > So it looks great. > > This does look like a feature change was recently done. https://letsencrypt.org/2018/04/04/sct-encoding.html > > On Fri, Apr 13, 2018 at 3:03 PM, Stephen Partington wrote: > > Sorry, I lost this off my radar. > > https://letsencrypt.org/docs/integration-guide/ [1] has some interesting information. Have you tested your ssl? > > On Fri, Apr 13, 2018 at 2:47 PM, Nathan O'Brennan wrote: > On 2018-04-12 11:27, Matt Birkholz wrote: > Hi Nathan, > > Did you get any help with this, or figure it out yourself by now? No, to be honest I haven't seen a single response, but I have also not seen any email come in since I sent it, so I kind of thought maybe my certificate was messed up somehow else. > > I ended up having my phone accept the certificate so I could check my mail, but I never did resolve it. It works correctly everywhere, and on my phone as long as it does not try to verify, so I left it alone. > > I have been doing similar things on a CoxBusiness static IP for years, > so maybe I can help. (Also Mike's latest silliness makes me wish for > more erudite discussions on PLUG. Smart questions going unanswered > only makes it worse? :-) > > I included a couple quick "reactions" to your email (below) but maybe > this is moot now, a week on. > > -Matt > > On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote: > Hey all, > > I use Let's Encrypt on my web server, and I use the same certificate for > my postfix and dovecot services. Today I realized that my phone has not > alerted me to new messages. I logged into my webmail via Firefix (I > don't usually log into webmail until my phone says I have mail) and sure > enough, I had quite a bit of mail, so I opened my BlueMail app and it > will not connect because my certificate cannot be verified. > > Firefox works fine on webmail. > Chrome works fine on webmail. > Postfix, Apache, and Dovecot all operate correctly without warnings. > > Bluemail, Thunderbird, and Kmail all fail to connect because the > certificate cannot be verified. > You did not attach the intermediate certificates? > > I had to accept the certificate to use it on my phone. Has Let's Encrypt > changed something? Or what? I don't get any errors on my server, dovecot > reports a username of <> during the initial handshake, which I think is > normal, then reports an error only when my phone attempts to connect > which looks like: > > Apr 05 20:26:23 codezilla.xyz [2] dovecot[1699]: imap-login: Disconnected > (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162, > lip=138.197.192.135, TLS handshaking: SSL_accept() failed: > error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate > unknown: SSL alert number 46, session= > > Best I can tell this is a failure on my server's attempt to verify my > phone's certificate? > Your phone has an IMAP client certificate? I missed that part. > > The error message actually looks like mine when certificates do not > validate and clients do not attempt to log in. > > Any help would be appreciated. > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss [3] --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss [3] -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss Links: ------ [1] https://letsencrypt.org/docs/integration-guide/ [2] http://codezilla.xyz [3] http://lists.phxlinux.org/mailman/listinfo/plug-discuss