<div dir="ltr"><div class="gmail_default"><font face="trebuchet ms, sans-serif"><a href="https://www.ssllabs.com/ssltest/analyze.html?d=codezilla.xyz">https://www.ssllabs.com/ssltest/analyze.html?d=codezilla.xyz</a></font><br></div><div class="gmail_default"><font face="trebuchet ms, sans-serif"><br></font></div><div class="gmail_default"><font face="trebuchet ms, sans-serif">So it looks great.</font></div><div class="gmail_default"><font face="trebuchet ms, sans-serif"><br></font></div><div class="gmail_default"><font face="trebuchet ms, sans-serif">This does look like a feature change was recently done. <a href="https://letsencrypt.org/2018/04/04/sct-encoding.html">https://letsencrypt.org/2018/04/04/sct-encoding.html</a></font></div><div class="gmail_default"><font face="trebuchet ms, sans-serif"><br></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 13, 2018 at 3:03 PM, Stephen Partington <span dir="ltr"><<a href="mailto:cryptworks@gmail.com" target="_blank">cryptworks@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Sorry, I lost this off my radar.</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default"><font face="trebuchet ms, sans-serif"><a href="https://letsencrypt.org/docs/integration-guide/" target="_blank">https://letsencrypt.org/docs/<wbr>integration-guide/</a> has some interesting information. Have you tested your ssl?</font></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Fri, Apr 13, 2018 at 2:47 PM, Nathan O'Brennan <span dir="ltr"><<a href="mailto:plugaz@codezilla.xyz" target="_blank">plugaz@codezilla.xyz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 2018-04-12 11:27, Matt Birkholz wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Nathan,<br>
<br>
Did you get any help with this, or figure it out yourself by now?<br>
</blockquote>
<br></span>
No, to be honest I haven't seen a single response, but I have also not seen any email come in since I sent it, so I kind of thought maybe my certificate was messed up somehow else.<br>
<br>
I ended up having my phone accept the certificate so I could check my mail, but I never did resolve it. It works correctly everywhere, and on my phone as long as it does not try to verify, so I left it alone.<div class="m_-4197598283712719865HOEnZb"><div class="m_-4197598283712719865h5"><br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I have been doing similar things on a CoxBusiness static IP for years,<br>
so maybe I can help. (Also Mike's latest silliness makes me wish for<br>
more erudite discussions on PLUG. Smart questions going unanswered<br>
only makes it worse? :-)<br>
<br>
I included a couple quick "reactions" to your email (below) but maybe<br>
this is moot now, a week on.<br>
<br>
-Matt<br>
<br>
On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hey all,<br>
<br>
I use Let's Encrypt on my web server, and I use the same certificate for<br>
my postfix and dovecot services. Today I realized that my phone has not<br>
alerted me to new messages. I logged into my webmail via Firefix (I<br>
don't usually log into webmail until my phone says I have mail) and sure<br>
enough, I had quite a bit of mail, so I opened my BlueMail app and it<br>
will not connect because my certificate cannot be verified.<br>
<br>
Firefox works fine on webmail.<br>
Chrome works fine on webmail.<br>
Postfix, Apache, and Dovecot all operate correctly without warnings.<br>
<br>
Bluemail, Thunderbird, and Kmail all fail to connect because the<br>
certificate cannot be verified.<br>
</blockquote>
<br>
You did not attach the intermediate certificates?<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I had to accept the certificate to use it on my phone. Has Let's Encrypt<br>
changed something? Or what? I don't get any errors on my server, dovecot<br>
reports a username of <> during the initial handshake, which I think is<br>
normal, then reports an error only when my phone attempts to connect<br>
which looks like:<br>
<br>
<br>
Apr 05 20:26:23 <a href="http://codezilla.xyz" rel="noreferrer" target="_blank">codezilla.xyz</a> dovecot[1699]: imap-login: Disconnected<br>
(no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,<br>
lip=138.197.192.135, TLS handshaking: SSL_accept() failed:<br>
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate<br>
unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i><br>
<br>
Best I can tell this is a failure on my server's attempt to verify my<br>
phone's certificate?<br>
</blockquote>
<br>
Your phone has an IMAP client certificate? I missed that part.<br>
<br>
The error message actually looks like mine when certificates do not<br>
validate and clients do not attempt to log in.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Any help would be appreciated.<br>
------------------------------<wbr>---------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.or<wbr>g</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">http://lists.phxlinux.org/mail<wbr>man/listinfo/plug-discuss</a><br>
</blockquote></blockquote>
</div></div><br>------------------------------<wbr>---------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.or<wbr>g</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">http://lists.phxlinux.org/mail<wbr>man/listinfo/plug-discuss</a><br></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div class="m_-4197598283712719865gmail_signature" data-smartmail="gmail_signature">A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.<br><br>Stephen<br><br></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.<br><br>Stephen<br><br></div>
</div>