On 2018-04-12 11:27, Matt Birkholz wrote:
Hi Nathan,Did you get any help with this, or figure it out yourself by now?
No, to be honest I haven't seen a single response, but I have also not seen any email come in since I sent it, so I kind of thought maybe my certificate was messed up somehow else.
I ended up having my phone accept the certificate so I could check my mail, but I never did resolve it. It works correctly everywhere, and on my phone as long as it does not try to verify, so I left it alone.
I have been doing similar things on a CoxBusiness static IP for years, so maybe I can help. (Also Mike's latest silliness makes me wish for more erudite discussions on PLUG. Smart questions going unanswered only makes it worse? :-) I included a couple quick "reactions" to your email (below) but maybe this is moot now, a week on. -Matt On Thu, 2018-04-05 at 20:29 -0700, Nathan O'Brennan wrote:Hey all,I use Let's Encrypt on my web server, and I use the same certificate for my postfix and dovecot services. Today I realized that my phone has notalerted me to new messages. I logged into my webmail via Firefix (Idon't usually log into webmail until my phone says I have mail) and sureenough, I had quite a bit of mail, so I opened my BlueMail app and it will not connect because my certificate cannot be verified. Firefox works fine on webmail. Chrome works fine on webmail. Postfix, Apache, and Dovecot all operate correctly without warnings. Bluemail, Thunderbird, and Kmail all fail to connect because the certificate cannot be verified.You did not attach the intermediate certificates?I had to accept the certificate to use it on my phone. Has Let's Encrypt changed something? Or what? I don't get any errors on my server, dovecot reports a username of <> during the initial handshake, which I think isnormal, then reports an error only when my phone attempts to connect which looks like: Apr 05 20:26:23 codezilla.xyz dovecot[1699]: imap-login: Disconnected (no auth attempts in 3 secs): user=<>, rip=70.xxx.aaa.162, lip=138.197.192.135, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<xsrZniVpOQBGsb2i> Best I can tell this is a failure on my server's attempt to verify my phone's certificate?Your phone has an IMAP client certificate? I missed that part. The error message actually looks like mine when certificates do not validate and clients do not attempt to log in.Any help would be appreciated. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
0x241A8881.asc
Description: application/pgp-keys
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
