> On 07/09/2021 20:25 Amol Kulkarni <amolk1...@gmail.com> wrote: > > > Hello, > > > After I replaced my certificate with a new one yesterday, I'm seeing some ssl > related errors. There are successful pop/imap logins using SSL also. So I > think the certificate in itself is fine. No user has complained as yet, so I > don't know for sure. However the count of errors has surely increased after > installing the new certificate. > There are 2 errors seen : > dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, > rip=, lip > =, TLS handshaking: SSL_accept() failed: error:14094416:SSL > routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number > 46, session=<9m0AnVnL > 2pHf4hso> > > > dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, > rip=, lip > =, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 > alert bad certificate: SSL alert number 42, session=<ww/b6VfLmeR7yTog> > > Kindly help with some pointers. > > Thanks and Regards, > Amol
This is caused by not including intermediate certificates with ssl_cert. If you are using LE or similar service, make sure you use the *fullchain* certificate for ssl_cert. Aki