On 12/7/21 2:49 PM, Alexander Dalloz wrote:
Use a not expired certificate.
$ openssl s_client -connect 194.163.45.150:993
CONNECTED(00000003)
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
That error's happening because you (Alexander) are using an old openssl
version that has the problem described on:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
That's not the problem that the original poster is having unless
Thunderbird also has the same problem, which it may; see:
https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049
https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/
In any case, this works fine with OpenSSL 1.1 or later:
$ openssl s_client -connect mail.sizzelicks.com:993
...
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.
--
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/