Re: Let's Encrypt certificates

Author: Stephen Partington
Date:  
To: Main PLUG discussion list
Subject: Re: Let's Encrypt certificates

https://www.ssllabs.com/ssltest/analyze.html?d=codezilla.xyz

So it looks great.

This does look like a feature change was recently done.
https://letsencrypt.org/2018/04/04/sct-encoding.html


On Fri, Apr 13, 2018 at 3:03 PM, Stephen Partington <>
wrote:

> Sorry, I lost this off my radar.
>
> https://letsencrypt.org/docs/integration-guide/ has some interesting
> information. Have you tested your ssl?
>
> On Fri, Apr 13, 2018 at 2:47 PM, Nathan O'Brennan <>
> wrote:
>
>> On 2018-04-12 11:27, Matt Birkholz wrote:
>>
>>> Hi Nathan,
>>>
>>> Did you get any help with this, or figure it out yourself by now?
>>>
>>
>> No, to be honest I haven't seen a single response, but I have also not
>> seen any email come in since I sent it, so I kind of thought maybe my
>> certificate was messed up somehow else.
>>
>> I ended up having my phone accept the certificate so I could check my
>> mail, but I never did resolve it. It works correctly everywhere, and on my
>> phone as long as it does not try to verify, so I left it alone.
>>
>>
>>
>>
>>> I have been doing similar things on a CoxBusiness static IP for years,
>>> so maybe I can help. (Also Mike's latest silliness makes me wish for
>>> more erudite discussions on PLUG. Smart questions going unanswered
>>> only makes it worse? :-)
>>>
>>> I included a couple quick "reactions" to your email (below) but maybe
>>> this is moot now, a week on.
>>>
>>> -Matt
>>>
>>> On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:
>>>
>>>> Hey all,
>>>>
>>>> I use Let's Encrypt on my web server, and I use the same certificate for
>>>> my postfix and dovecot services. Today I realized that my phone has not
>>>> alerted me to new messages. I logged into my webmail via Firefox (I
>>>> don't usually log into webmail until my phone says I have mail) and sure
>>>> enough, I had quite a bit of mail, so I opened my BlueMail app and it
>>>> will not connect because my certificate cannot be verified.
>>>>
>>>> Firefox works fine on webmail.
>>>> Chrome works fine on webmail.
>>>> Postfix, Apache, and Dovecot all operate correctly without warnings.
>>>>
>>>> Bluemail, Thunderbird, and Kmail all fail to connect because the
>>>> certificate cannot be verified.
>>>>
>>>
>>> You did not attach the intermediate certificates?
>>>
>>>> I had to accept the certificate to use it on my phone. Has Let's Encrypt
>>>> changed something? Or what? I don't get any errors on my server, dovecot
>>>> reports a username of <> during the initial handshake, which I think is
>>>> normal, then reports an error only when my phone attempts to connect
>>>> which looks like:
>>>>
>>>>
>>>> Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
>>>> (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
>>>> lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
>>>> error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
>>>> unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>
>>>>
>>>> Best I can tell this is a failure on my server's attempt to verify my
>>>> phone's certificate?
>>>>
>>>
>>> Your phone has an IMAP client certificate? I missed that part.
>>>
>>> The error message actually looks like mine when certificates do not
>>> validate and clients do not attempt to log in.
>>>
>>>> Any help would be appreciated.
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list -
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>



--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen