Let's Encrypt certificates

Stephen Partington cryptworks at gmail.com
Fri Apr 13 15:03:40 MST 2018


Sorry, I lost this off my radar.

https://letsencrypt.org/docs/integration-guide/ has some interesting
information. Have you tested your SSL?

On Fri, Apr 13, 2018 at 2:47 PM, Nathan O'Brennan <plugaz at codezilla.xyz>
wrote:

> On 2018-04-12 11:27, Matt Birkholz wrote:
>
>> Hi Nathan,
>>
>> Did you get any help with this, or figure it out yourself by now?
>>
>
> No, to be honest I haven't seen a single response, but I have also not
> seen any email come in since I sent it, so I kind of thought maybe my
> certificate was messed up somehow else.
>
> I ended up having my phone accept the certificate so I could check my
> mail, but I never did resolve it. It works correctly everywhere, and on my
> phone as long as it does not try to verify, so I left it alone.
>
>
>
>
>> I have been doing similar things on a CoxBusiness static IP for years,
>> so maybe I can help.  (Also Mike's latest silliness makes me wish for
>> more erudite discussions on PLUG.  Smart questions going unanswered
>> only makes it worse? :-)
>>
>> I included a couple quick "reactions" to your email (below) but maybe
>> this is moot now, a week on.
>>
>> -Matt
>>
>> On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:
>>
>>> Hey all,
>>>
>>> I use Let's Encrypt on my web server, and I use the same certificate for
>>> my postfix and dovecot services. Today I realized that my phone has not
>>> alerted me to new messages. I logged into my webmail via Firefox (I
>>> don't usually log into webmail until my phone says I have mail) and sure
>>> enough, I had quite a bit of mail, so I opened my BlueMail app and it
>>> will not connect because my certificate cannot be verified.
>>>
>>> Firefox works fine on webmail.
>>> Chrome works fine on webmail.
>>> Postfix, Apache, and Dovecot all operate correctly without warnings.
>>>
>>> BlueMail, Thunderbird, and Kmail all fail to connect because the
>>> certificate cannot be verified.
>>>
>>
>> You did not attach the intermediate certificates?
>>
>>> I had to accept the certificate to use it on my phone. Has Let's Encrypt
>>> changed something? Or what? I don't get any errors on my server, dovecot
>>> reports a username of <> during the initial handshake, which I think is
>>> normal, then reports an error only when my phone attempts to connect
>>> which looks like:
>>>
>>>
>>> Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
>>> (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
>>> lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
>>> error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
>>> unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>
>>>
>>> Best I can tell this is a failure on my server's attempt to verify my
>>> phone's certificate?
>>>
>>
>> Your phone has an IMAP client certificate?  I missed that part.
>>
>> The error message actually looks like mine when certificates do not
>> validate and clients do not attempt to log in.
>>
>>> Any help would be appreciated.
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
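
One way to run the test asked about above and to answer the question about intermediate certificates, as an added example that is not part of the thread. The function names and `mail.example.org` are placeholders, and the certbot file layout mentioned in the comments is an assumption; the thread does not say which ACME client is in use.

```shell
#!/bin/sh
# Added example, not from the thread. Host names below are placeholders.

# Print what the server sends during the TLS handshake (needs network access).
# $1 = host, $2 = port (default 993, IMAPS), $3 = optional STARTTLS protocol
# such as imap or smtp for ports 143 and 587.
fetch_handshake() {
    openssl s_client -connect "$1:${2:-993}" -servername "$1" \
        ${3:+-starttls $3} -showcerts </dev/null 2>&1
}

# Summarise s_client output (or any PEM file) read from stdin:
#   certs   = number of certificates the server sent
#   verify  = OpenSSL's first "Verify return code" (0 is ok; 20 and 21 mean
#             the issuer of the leaf could not be found)
#   verdict = leaf-only when no intermediate was sent. Browsers often cope
#             with that; stricter mail clients reject the certificate.
summarise_handshake() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { certs++ }
        /Verify return code:/ && code == "" { code = $4 }
        END {
            if (certs == 0)      verdict = "no-certificate"
            else if (certs == 1) verdict = "leaf-only"
            else                 verdict = "chain-sent"
            printf "certs=%d verify=%s verdict=%s\n",
                   certs, (code == "" ? "unknown" : code), verdict
        }'
}

# The same summary works on the file the mail daemon is configured to serve.
# With certbot's usual layout (assumed), cert.pem holds only the leaf and
# fullchain.pem holds the leaf plus the intermediate:
#   summarise_handshake < /etc/letsencrypt/live/mail.example.org/fullchain.pem

# Live check when run with arguments, e.g.:
#   sh check_chain.sh mail.example.org 993
#   sh check_chain.sh mail.example.org 587 smtp
if [ "$#" -ge 1 ]; then
    fetch_handshake "$@" | summarise_handshake
fi
```

A `leaf-only` verdict on the live port while the web server on 443 reports `chain-sent` points at the mail daemons being configured with the leaf-only file.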