Problem with Let's Encrypt Certificate
chaouche yacine
yacinechaouche at yahoo.com
Fri Feb 17 21:38:29 UTC 2017
Seems wrong to me too, Robert. If you put your private key inside your certificate, won't it be sent to the client along with it?
Bastian, are you using an old version of Thunderbird? Googling for "SSL alert number 42" gave me two results indicating a bug in Thunderbird versions 31, 32 and 33. You can check these links if you wish:
* http://www.dovecot.org/list/dovecot/2014-July/097133.html
* http://unix.stackexchange.com/questions/123367/thunderbird-fails-to-connect-to-dovecot-and-postfix
-- Yassine
On Friday, February 17, 2017 7:29 PM, Robert L Mathews <lists at tigertech.com> wrote:
On 2/17/17 8:58 AM, Bastian Sebode wrote:
> I uploaded two Wireshark tracefiles, further logs and dovecot -n
Looking at your dovecot -n, you're using two different files here:
ssl_cert = </etc/ssl/sebode-online.de/chain.pem
ssl_key = </etc/ssl/sebode-online.de/key.pem
Are you sure these two files match, and contain the right things in the
right order?
We use a single PEM file as input for both of these parameters, and that
PEM file contains, in this order:
-----BEGIN RSA PRIVATE KEY-----
...
-----BEGIN CERTIFICATE-----
...
-----BEGIN CERTIFICATE-----
... where the first BEGIN CERTIFICATE is the specific hostname one, and
the second BEGIN CERTIFICATE is the Let's Encrypt X3 intermediate
certificate that ends with "DNFu0Qg==".
You're also manually specifying these non-default parameters:
ssl_cipher_list = ...
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
For testing, I would simplify. Does it work without any of those three
things set?
--
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
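
Robert's question above (do the two files contain the right things, in the right order?) can be checked mechanically. The following is an added example, not code from anyone in the thread: a Python sketch that lists the PEM blocks in the files given to ssl_cert and ssl_key and flags a missing intermediate or a private key block inside the certificate file. It inspects PEM armor only and does not verify that key and certificate match; the function names and sample blocks are constructed for illustration.

```python
import re

# Matches PEM armor headers such as "-----BEGIN RSA PRIVATE KEY-----".
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(text):
    """Return the labels of all PEM blocks in file order."""
    labels, pos = [], 0
    while True:
        m = BEGIN_RE.search(text, pos)
        if not m:
            return labels
        label = m.group(1)
        end = text.find(f"-----END {label}-----", m.end())
        if end == -1:
            raise ValueError(f"unterminated {label} block")
        labels.append(label)
        pos = end  # continue scanning after this block's END line


def audit(cert_text, key_text):
    """Findings for the contents of ssl_cert and ssl_key (may be one file)."""
    findings = []
    cert_labels = pem_labels(cert_text)
    n_certs = cert_labels.count("CERTIFICATE")
    if n_certs == 0:
        findings.append("ssl_cert: no CERTIFICATE block")
    elif n_certs == 1:
        findings.append("ssl_cert: only one CERTIFICATE block, no intermediate")
    if any(l.endswith("PRIVATE KEY") for l in cert_labels):
        findings.append("ssl_cert: file also holds a private key block")
    n_keys = sum(l.endswith("PRIVATE KEY") for l in pem_labels(key_text))
    if n_keys != 1:
        findings.append(f"ssl_key: expected 1 private key block, found {n_keys}")
    return findings


def block(label):
    """Constructed placeholder PEM block; the body is not real key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed sample: the single-file layout described in the message above.
COMBINED = block("RSA PRIVATE KEY") + block("CERTIFICATE") + block("CERTIFICATE")

if __name__ == "__main__":
    print(pem_labels(COMBINED))
    print(audit(COMBINED, COMBINED))
```

To check real files, read the two paths from `dovecot -n` and pass their contents to `audit()`.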