On 12/04/2021 17:13 Christopher Wensink cwensink@five-star-plastics.com wrote:
Dovecot Team,
I need a little help. I came in this morning and it seems like the SSL Certificates expired for dovecot (on an internal mail server) and nobody can move email into their folders on this server. In Thunderbird they just see in the status bar: HISTORY: checking mail server capabilities...
In /var/log/maillog:
Apr 12 09:02:26 mario2 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.5.1.85, lip=10.5.1.17, TLS: SSL_read() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=
I have tried:
-Restarting Dovecot -Restarting the whole mail server -Re-creating the .pem files, first moving the old files in /etc/pki/dovecot/certs and /etc/pki/dovecot/private from dovecot.pem to dovecot-old.pem, - Re-creating a new dovecot.pem using the mkcert.sh script in the doc folder in /usr/share/doc/dovecot-2.2.36/, - restarting dovecot - changing the cert values in dovecot-openssl.cnf
I also tried creating new .crt and key files using this tutorial: https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/
I need some assistance, thank you for your help.
Chris
Please use real certs if possible. Otherwise you need to install the used CA certificate, or the self-signed certificate, to all the clients. Or reset the exception there, and then tell all your users to redo the exception. Using real certs is easier.
Aki