Problem with Let's Encrypt Certificate
Bastian Sebode
b.sebode at linet-services.de
Fri Feb 17 20:31:29 UTC 2017
Hey Robert,
thanks for your reply.
Am 17.02.2017 um 19:28 schrieb Robert L Mathews:
> Looking at your dovecot -n, you're using two different files here:
>
> ssl_cert = </etc/ssl/sebode-online.de/chain.pem
> ssl_key = </etc/ssl/sebode-online.de/key.pem
>
> Are you sure these two files match, and contain the right things in the
> right order?
>
Yes, unfortunately I'm sure that everything has the right order. As you
can see in the trace, both certificates (mine and the intermediate) get
transferred to the client on connection.
> We use a single PEM file as input for both of these parameters, and that
> PEM file contains, in this order:
>
> -----BEGIN RSA PRIVATE KEY-----
> ...
> -----BEGIN CERTIFICATE-----
> ...
> -----BEGIN CERTIFICATE-----
>
> ... where the first BEGIN CERTIFICATE is the specific hostname one, and
> the second BEGIN CERTIFICATE is the Let's Encrypt X3 intermediate
> certificate that ends with "DNFu0Qg==".
>
Tried that, but without success. But your usage doesn't seem right to
me. The parameters are not called ssl_cert and ssl_key for nothing. ;-)
Normally you don't want your private key to have any other permissions
than 600.
> You're also manually specifying these non-default parameters:
>
> ssl_cipher_list = ...
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3
>
> For testing, I would simplify. Does it work without any of those three
> things set?
>
Tried this before. I set all SSL specific settings exactly like my
friend where it works without a problem. But it doesn't work for me.
Thanks anyway for your effort!
Bastian
--
Bastian Sebode
Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken:
www.twitter.com/linetservices | www.facebook.com/linetservices
Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus
HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516
More information about the dovecot
mailing list