no shared cipher openssl

Mike Schroeder mikeschroe at gmail.com
Mon Nov 16 00:31:07 EET 2020


CentOS 7
Dovecot 2.2.36

Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<>

Was working fine for over a year, until the cert expired and I replaced it.
I've tried the good cert I have for https and I used the Dovecot.org script
to generate a self-signed certificate.

10-ssl.conf
## SSL settings
#ssl = required
ssl = yes
#ssl = no
ssl_cert = </etc/pki/dovecot/certs/mydomain.com.crt
ssl_key =  </etc/pki/dovecot/private/mydomain.com.key
#ssl_ca =
#ssl_require_crl = yes
#ssl_client_ca_dir =
#ssl_client_ca_file =
#ssl_verify_client_cert = no
#ssl_cert_username_field = commonName
#ssl_dh_parameters_length = 1024
#ssl_protocols = !SSLv3

# SSL ciphers to use
# old values  ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no

# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =

# SSL extra options. Currently supported options are:
#   no_compression - Disable compression.
#   no_ticket - Disable SSL session tickets.
#ssl_options =

===========================
# openssl x509 -dates -in mydomain.com.crt
notBefore=Nov 11 16:31:35 2020 GMT
notAfter=Nov 11 16:31:35 2022 GMT
-----BEGIN CERTIFICATE-----
             :
===========================
 # openssl pkey -in mydomain.com.key
-----BEGIN PRIVATE KEY-----
              :

Thanks for taking a look.  Any ideas on what I should do next to debug?

Mike
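
Added example (not part of the original post, and not the poster's or Dovecot's own code): a shell sketch of two checks commonly made after replacing a certificate, namely that the ssl_key file belongs to the ssl_cert file, and that ssl_cipher_list still contains suites that can authenticate with the certificate's key type. Function names are hypothetical, the certificate and keys are constructed throwaway samples, and TLS 1.3 suites are skipped on the assumption that the server's OpenSSL predates them.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; only standard openssl
# subcommands are used.

# Succeeds only if the private key ($2) belongs to the certificate ($1).
cert_key_match() {
    _cpub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _kpub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$_cpub" = "$_kpub" ]
}

# Authentication type the certificate needs (the Au= column of "ciphers -v").
cert_auth() {
    case "$(openssl x509 -in "$1" -noout -text | grep 'Public Key Algorithm')" in
        *rsaEncryption*)  echo RSA ;;
        *id-ecPublicKey*) echo ECDSA ;;
        *)                echo unknown ;;
    esac
}

# Count suites in cipher list $1 that can authenticate with certificate $2.
# TLSv1.3 suites are skipped (assumption: the server's OpenSSL predates them).
usable_suites() {
    openssl ciphers -v "$1" | awk -v au="Au=$(cert_auth "$2")" \
        '$2 != "TLSv1.3" && $4 == au { n++ } END { print n + 0 }'
}

# Constructed sample input: throwaway self-signed RSA cert plus unrelated key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj /CN=mail.example.invalid \
        -keyout "$1/good.key" -out "$1/test.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# ssl_cipher_list from the 10-ssl.conf in the post, on one line.
PAGE_LIST='ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH'

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in good.key other.key; do
        if cert_key_match "$d/test.crt" "$d/$f"; then echo "$f: matches test.crt"
        else echo "$f: does NOT match test.crt"; fi
    done
    echo "certificate type: $(cert_auth "$d/test.crt")"
    echo "usable suites, list from post: $(usable_suites "$PAGE_LIST" "$d/test.crt")"
    echo "usable suites, aECDSA only:    $(usable_suites aECDSA "$d/test.crt")"
    rm -rf "$d"
}
demo
```

A count of 0 from usable_suites means the list and the certificate type cannot be combined, which is one condition under which OpenSSL reports "no shared cipher"; the count depends on the OpenSSL build on the machine where the script runs.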