error 42 ssl certificate expired

[gmail]

Hi,

I got news: dovecot is the one that is broken, i got setup all other 
stuff updated to latest BUT not dovecot, and i got working system.


if I upgrade dovecot, the installation breaks. I'm using letencrypt's certs.


The version that is good is 2.3.7.2 (3c910f64b)


Heiko Schlittermann kirjoitti 12.4.2021 klo 23:20:
> Hi,
>
>> In our case this is an internally used Dovecot Mail server that's used for
> …
>> certificates worth the expense? Just curious on what everyone's opinion is
>> of Digital Certs signed by certificate authorities that are only used inside
>> the LAN. Thoughts?
> Aki is right. On the long run it's easier to use "offcial" certs. Since
> the advent of Let's encrypt it is cheap.
>
> Of course, getting a certificate from Let's Encrypt for an internal
> service isn't as easy as for a public HTTP server, but it is possible.
>
> (We use a dedicated machine, requesting certs for all our internal
> services, employing the DNS challenge with Let's Encrypt. From this
> dedicated machine then we deploy the certs into our internal
> infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git)
>
>>>> I also tried creating new .crt and key files using this tutorial:
>>>> https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/
> No need to use tech blogs. Use "man req" and brain.
>
>          openssl req -x509 -new \
>                  -out ssl.pem \
>                  -keyout ssl.pem -newkey rsa:4096 -nodes \
>                  -subj /CN=example.com -days 365
>
>          (or two distinct files for crt and key).