Let's Encrypt certificates
Nathan O'Brennan
plugaz at codezilla.xyz
Thu Apr 5 20:29:10 MST 2018
Hey all,
I use Let's Encrypt on my web server, and I use the same certificate for
my postfix and dovecot services. Today I realized that my phone has not
alerted me to new messages. I logged into my webmail via Firefix (I
don't usually log into webmail until my phone says I have mail) and sure
enough, I had quite a bit of mail, so I opened my BlueMail app and it
will not connect because my certificate cannot be verified.
Firefox works fine on webmail.
Chrome works fine on webmail.
Postfix, Apache, and Dovecot all operate correctly without warnings.
Bluemail, Thunderbird, and Kmail all fail to connect because the
certificate cannot be verified.
I had to accept the certificate to use it on my phone. Has Let's Encrypt
changed something? Or what? I don't get any errors on my server, dovecot
reports a username of <> during the initial handshake, which I think is
normal, then reports an error only when my phone attempts to connect
which looks like:
Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected
(no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162,
lip=138.197.192.135, TLS handshaking: SSL_accept() failed:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i>
Best I can tell this is a failure on my server's attempt to verify my
phone's certificate?
Any help would be appreciated.
More information about the PLUG-discuss
mailing list