SSL errors after certificate renewal
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Sep 8 09:56:20 EEST 2021
> On 07/09/2021 20:25 Amol Kulkarni <amolk112k at gmail.com> wrote:
>
>
> Hello,
>
>
> After I replaced my certificate with a new one yesterday, I'm seeing some ssl related errors. There are successful pop/imap logins using SSL also. So I think the certificate in itself is fine. No user has complained as yet, so I don't know for sure. However the count of errors has surely increased after installing the new certificate.
> There are 2 errors seen :
> dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=, lip
> =, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<9m0AnVnL
> 2pHf4hso>
>
>
> dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=, lip
> =, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, session=<ww/b6VfLmeR7yTog>
>
> Kindly help with some pointers.
>
> Thanks and Regards,
> Amol
This is caused by not including intermediate certificates with ssl_cert.
If you are using LE or similar service, make sure you use the *fullchain* certificate for ssl_cert.
Aki
More information about the dovecot
mailing list