On 12/7/21 2:49 PM, Alexander Dalloz wrote:
Use a not expired certificate.
$ openssl s_client -connect 194.163.45.150:993 CONNECTED(00000003) depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT
That error's happening because you (Alexander) are using an old openssl version that has the problem described on:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
That's not the problem that the original poster is having unless Thunderbird also has the same problem, which it may; see:
https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermed...
https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-cert...
In any case, this works fine with OpenSSL 1.1 or later:
$ openssl s_client -connect mail.sizzelicks.com:993 ...
- OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.
-- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/