t/s expired cert error

Yassine Chaouche a.chaouche at algerian-radio.dz
Tue Mar 2 16:17:41 EET 2021


Looks fine from my side, both on pop3s
------------------------------------------------------------------------

ychaouche#ychaouche-PC 13:58:25 ~ $ openssl s_client -connect 103.106.168.105:995 -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = emu.sbt.net.au
verify return:1
---
Certificate chain
  0 s:/CN=emu.sbt.net.au
    i:/C=US/O=Let's Encrypt/CN=R3
  1 s:/C=US/O=Let's Encrypt/CN=R3
    i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/CN=emu.sbt.net.au
issuer=/C=US/O=Let's Encrypt/CN=R3
---
[...]
     Start Time: 1614694135
     Timeout   : 300 (sec)
     Verify return code: 0 (ok)
---
+OK Dovecot ready.
^C
ychaouche#ychaouche-PC 15:09:01 ~ $

------------------------------------------------------------------------

and on pop3 with starttls

------------------------------------------------------------------------


ychaouche#ychaouche-PC 15:14:28 ~ $ openssl s_client -starttls pop3 -connect 103.106.168.105:pop3 -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = emu.sbt.net.au
verify return:1
---
Certificate chain
  0 s:/CN=emu.sbt.net.au
    i:/C=US/O=Let's Encrypt/CN=R3
  1 s:/C=US/O=Let's Encrypt/CN=R3
    i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/CN=emu.sbt.net.au
issuer=/C=US/O=Let's Encrypt/CN=R3
---
[...]
     Start Time: 1614694499
     Timeout   : 300 (sec)
     Verify return code: 0 (ok)
---
+OK Dovecot ready.
^C
ychaouche#ychaouche-PC 15:15:04 ~ $

------------------------------------------------------------------------




On 3/2/21 at 1:41 PM, Erwan David wrote:
> On 02/03/2021 at 13:29, Voytek Eymont wrote:
>> since a couple of days one of users reported getting expired certificate
>> error in TB, looking at the log, I can see like:
>>
>> Mar 02 21:46:24 pop3-login: Info: Disconnected (no auth attempts in 0
>> secs): user=<>, rip=111.222.333.444, lip=103.106.168.105, TLS: SSL_read
>> failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
>> certificate expired: SSL alert number 45, session=<...>
>
> Here it is the certificate presented on the pop3 port (either port 110
> with a STLS command or port 995)
>
>
>> but, looking at server with
>> https://ssl-tools.net/mailservers/emu.sbt.net.au it says 'valid' as does
>> certbot tool
>
> Here it seems the site tests the smtp server (on port 25), which is not
> handled by dovecot. You probably have different certificates on both.
>
>
>
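
An added example, not part of the original thread or of Dovecot: a small Python parser for login-process log lines of the shape quoted above, counting certificate-related TLS alerts per service and local IP to show which listener's certificate clients are rejecting. The sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# TLS alert descriptions that concern the certificate (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

# Matches Dovecot login-process lines of the shape quoted in this thread.
LINE_RE = re.compile(
    r"(?P<service>[\w-]+)-login: .*?"
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+),"
    r".*?SSL alert number (?P<alert>\d+)"
)

def parse_alert(line):
    """Return (service, lip, rip, alert_name) for a certificate alert, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    name = CERT_ALERTS.get(int(m.group("alert")))
    if name is None:  # e.g. handshake_failure (40): not a certificate problem
        return None
    return m.group("service"), m.group("lip"), m.group("rip"), name

def summarize(lines):
    """Count certificate alerts per (service, local IP, alert name)."""
    counts = Counter()
    for line in lines:
        hit = parse_alert(line)
        if hit:
            service, lip, _rip, name = hit
            counts[(service, lip, name)] += 1
    return counts

# Constructed sample lines (documentation addresses), modelled on the log above.
SAMPLE = [
    "Mar 02 21:46:24 pop3-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.5, TLS: SSL_read failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired: SSL alert number 45, session=<constructed1>",
    "Mar 02 21:46:40 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.11, lip=198.51.100.5, TLS: SSL_read failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<constructed2>",
    "Mar 02 21:47:10 pop3-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.12, lip=198.51.100.5, mpid=1234, TLS, session=<constructed3>",
    "Mar 02 21:48:02 pop3-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.0.2.13, lip=198.51.100.5, TLS: SSL_read failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired: SSL alert number 45, session=<constructed4>",
]
```

A count that appears for one service (here `pop3`) but not another points at the certificate configured for that listener, which is the one to recheck with `openssl s_client` as in the sessions above.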
