Let's Encrypt certificates

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Nathan O'Brennan
Date:  
To: Phoenix LUG
Subject: Let's Encrypt certificates

Hey all,

I use Let's Encrypt on my web server, and I use the same certificate for
my postfix and dovecot services. Today I realized that my phone has not
alerted me to new messages. I logged into my webmail via Firefix (I
don't usually log into webmail until my phone says I have mail) and sure
enough, I had quite a bit of mail, so I opened my BlueMail app and it
will not connect because my certificate cannot be verified.

Firefox works fine on webmail.
Chrome works fine on webmail.
Postfix, Apache, and Dovecot all operate correctly without warnings.

Bluemail, Thunderbird, and Kmail all fail to connect because the
certificate cannot be verified.

I had to accept the certificate to use it on my phone. Has Let's Encrypt
changed something? Or what? I don't get any errors on my server, dovecot
reports a username of <> during the initial handshake, which I think is
normal, then reports an error only when my phone attempts to connect
which looks like:


Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
(no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>

Best I can tell this is a failure on my server's attempt to verify my
phone's certificate?

Any help would be appreciated.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss