Let's Encrypt certificates

Nathan O'Brennan plugaz at codezilla.xyz
Tue Apr 17 16:00:51 MST 2018 

Other than my current issue, which is only on my phone, I use Roundcube 
for webmail, Let's Encrypt is excellent. I recommend it to everyone.








On 2018-04-17 15:46, Carruth, Rusty wrote:
> Actually, I was really hoping for answers, because I'm not using certs
> yet and know I've got to fix that.
> 
> Is Let's Encrypt good, other than your current issues?
> 
> Any place that's free and good (or cheap and perfect)?
> 
> 
> 
> Rusty Carruth | Customer Support | rusty.carruth at smarth.com |
> http://www.smarth.com
> 
>          See the new M4
> 
> See us on Storage Search    http://www.storagesearch.com/smart2.html
> 
> 510-624-5391   | Fax: 480-926-5579   | 1325 N. Fiesta Blvd.  Suite 101
> Gilbert, Az. 85233
> 
> This email message (and any attachments) is for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution
> is prohibited. If you are not the intended recipient, please contact
> the sender by reply e-mail and destroy all copies of the original
> message.
> 
> 
> -----Original Message-----
> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
> Behalf Of Matt Birkholz
> Sent: Thursday, April 12, 2018 11:27 AM
> To: plugaz at codezilla.xyz; Main PLUG discussion list
> Subject: Re: Let's Encrypt certificates
> 
> Hi Nathan,
> 
> Did you get any help with this, or figure it out yourself by now?
> 
> I have been doing similar things on a CoxBusiness static IP for years,
> so maybe I can help.  (Also Mike's latest silliness makes me wish for
> more erudite discussions on PLUG.  Smart questions going unanswered
> only makes it worse? :-)
> 
> I included a couple quick "reactions" to your email (below) but maybe
> this is moot now, a week on.
> 
> -Matt
> 
> On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:
>> Hey all,
>> 
>> I use Let's Encrypt on my web server, and I use the same certificate 
>> for
>> my postfix and dovecot services. Today I realized that my phone has 
>> not
>> alerted me to new messages. I logged into my webmail via Firefix (I
>> don't usually log into webmail until my phone says I have mail) and 
>> sure
>> enough, I had quite a bit of mail, so I opened my BlueMail app and it
>> will not connect because my certificate cannot be verified.
>> 
>> Firefox works fine on webmail.
>> Chrome works fine on webmail.
>> Postfix, Apache, and Dovecot all operate correctly without warnings.
>> 
>> Bluemail, Thunderbird, and Kmail all fail to connect because the
>> certificate cannot be verified.
> 
> You did not attach the intermediate certificates?
> 
>> I had to accept the certificate to use it on my phone. Has Let's 
>> Encrypt
>> changed something? Or what? I don't get any errors on my server, 
>> dovecot
>> reports a username of <> during the initial handshake, which I think 
>> is
>> normal, then reports an error only when my phone attempts to connect
>> which looks like:
>> 
>> 
>> Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
>> (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
>> lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
>> error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
>> unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>
>> 
>> Best I can tell this is a failure on my server's attempt to verify my
>> phone's certificate?
> 
> Your phone has an IMAP client certificate?  I missed that part.
> 
> The error message actually looks like mine when certificates do not
> validate and clients do not attempt to log in.
> 
>> Any help would be appreciated.
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x241A8881.asc
Type: application/pgp-keys
Size: 1723 bytes
Desc: not available
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180417/e31a76dd/attachment.key>

More information about the PLUG-discuss mailing list