Re: Let's Encrypt certificates

Top Page
Attachments:
Message as email
+ (text/plain)
+ 0x241A8881.asc (application/pgp-keys)
+ (text/plain)
Delete this message
Reply to this message
Author: Nathan O'Brennan
Date:  
To: Matt Birkholz
CC: Main PLUG discussion list
Subject: Re: Let's Encrypt certificates
On 2018-04-12 11:27, Matt Birkholz wrote:
> Hi Nathan,
>
> Did you get any help with this, or figure it out yourself by now?


No, to be honest I haven't seen a single response, but I have also not
seen any email come in since I sent it, so I kind of thought maybe my
certificate was messed up somehow else.

I ended up having my phone accept the certificate so I could check my
mail, but I never did resolve it. It works correctly everywhere, and on
my phone as long as it does not try to verify, so I left it alone.


>
> I have been doing similar things on a CoxBusiness static IP for years,
> so maybe I can help. (Also Mike's latest silliness makes me wish for
> more erudite discussions on PLUG. Smart questions going unanswered
> only makes it worse? :-)
>
> I included a couple quick "reactions" to your email (below) but maybe
> this is moot now, a week on.
>
> -Matt
>
> On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:
>> Hey all,
>>
>> I use Let's Encrypt on my web server, and I use the same certificate
>> for
>> my postfix and dovecot services. Today I realized that my phone has
>> not
>> alerted me to new messages. I logged into my webmail via Firefix (I
>> don't usually log into webmail until my phone says I have mail) and
>> sure
>> enough, I had quite a bit of mail, so I opened my BlueMail app and it
>> will not connect because my certificate cannot be verified.
>>
>> Firefox works fine on webmail.
>> Chrome works fine on webmail.
>> Postfix, Apache, and Dovecot all operate correctly without warnings.
>>
>> Bluemail, Thunderbird, and Kmail all fail to connect because the
>> certificate cannot be verified.
>
> You did not attach the intermediate certificates?
>
>> I had to accept the certificate to use it on my phone. Has Let's
>> Encrypt
>> changed something? Or what? I don't get any errors on my server,
>> dovecot
>> reports a username of <> during the initial handshake, which I think
>> is
>> normal, then reports an error only when my phone attempts to connect
>> which looks like:
>>
>>
>> Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
>> (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
>> lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
>> error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
>> unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>
>>
>> Best I can tell this is a failure on my server's attempt to verify my
>> phone's certificate?
>
> Your phone has an IMAP client certificate? I missed that part.
>
> The error message actually looks like mine when certificates do not
> validate and clients do not attempt to log in.
>
>> Any help would be appreciated.
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss