-- Sorry as wrong identity and I expect the other to fail, I apologize if you get this twice.


Thanks Stephen, this seems to be about the right time, but I think my problems started before this. 

I have not tried combining the primary chain with the intermediate chain and then making Dovecot use that. I think that is my next step. I just haven't had time to mess with it further since making my phone accept the cert was an easy fix so I could get back to work.



On 2018-04-13 15:44, Stephen Partington wrote:

 
So it looks great.
 
This does look like a feature change was recently done. https://letsencrypt.org/2018/04/04/sct-encoding.html
 

On Fri, Apr 13, 2018 at 3:03 PM, Stephen Partington <cryptworks@gmail.com> wrote:
Sorry, I lost this off my radar.
 
https://letsencrypt.org/docs/integration-guide/ has some interesting information. Have you tested your ssl?

On Fri, Apr 13, 2018 at 2:47 PM, Nathan O'Brennan <plugaz@codezilla.xyz> wrote:
On 2018-04-12 11:27, Matt Birkholz wrote:
Hi Nathan,

Did you get any help with this, or figure it out yourself by now?
No, to be honest I haven't seen a single response, but I have also not seen any email come in since I sent it, so I kind of thought maybe my certificate was messed up somehow else.

I ended up having my phone accept the certificate so I could check my mail, but I never did resolve it. It works correctly everywhere, and on my phone as long as it does not try to verify, so I left it alone.




I have been doing similar things on a CoxBusiness static IP for years,
so maybe I can help.  (Also Mike's latest silliness makes me wish for
more erudite discussions on PLUG.  Smart questions going unanswered
only makes it worse? :-)

I included a couple quick "reactions" to your email (below) but maybe
this is moot now, a week on.

-Matt

On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:
Hey all,

I use Let's Encrypt on my web server, and I use the same certificate for
my postfix and dovecot services. Today I realized that my phone has not
alerted me to new messages. I logged into my webmail via Firefix (I
don't usually log into webmail until my phone says I have mail) and sure
enough, I had quite a bit of mail, so I opened my BlueMail app and it
will not connect because my certificate cannot be verified.

Firefox works fine on webmail.
Chrome works fine on webmail.
Postfix, Apache, and Dovecot all operate correctly without warnings.

Bluemail, Thunderbird, and Kmail all fail to connect because the
certificate cannot be verified.

You did not attach the intermediate certificates?

I had to accept the certificate to use it on my phone. Has Let's Encrypt
changed something? Or what? I don't get any errors on my server, dovecot
reports a username of <> during the initial handshake, which I think is
normal, then reports an error only when my phone attempts to connect
which looks like:


Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
(no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>

Best I can tell this is a failure on my server's attempt to verify my
phone's certificate?

Your phone has an IMAP client certificate?  I missed that part.

The error message actually looks like mine when certificates do not
validate and clients do not attempt to log in.

Any help would be appreciated.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss


 
--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen



 
--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss