On Sun, July 22, 2018 11:22 pm, dclist@list.jmatt.net wrote:
Usually, a browser connects to a web server on port 443, while an email client connects to an IMAP or POP server on a different port, served by different software. Just because your browser receives a current/valid cert, that doesn’t mean your dovecot server is sending the same certificate.
Assuming the sbt.net.au in your email address is the address of your dovecot server, I tried
openssl s_client -connect sbt.net.au:143 -starttls imap
And received a cert which includes:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5b:41:a6:f4:a6:33:eb:5b:ac:af:b8:20:96:f4:0e:20:b9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Apr 23 11:11:28 2018 GMT
            Not After : Jul 22 11:11:28 2018 GMT
        Subject: CN=geko.sbt.net.au
Dovecot is sending an expired cert. Pascal is correct; you need to restart it.
Pascal, "dclist", thanks!!
I've restarted Dovecot, and I think it's OK now.
Sorry, I panicked as googling turned up multiple iPhone/cert issues, and, rather than properly testing first, I stupidly panicked...
Thanks for the explanation, thanks for testing!!
So, basically, after each renewal of the server's cert I should remember to reload Dovecot (and maybe Postfix too?)
thanks again,
-- Voytek
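
A scripted version of the check done by hand above, added here as an example and not part of the original thread: it asks the IMAP daemon itself (port 143, STARTTLS) for its certificate and reports whether it is expired or close to expiry, so a renewal that was never picked up by Dovecot shows up. The function names, the 14-day warning window and the "now" values used with the sample date are assumptions for illustration; the sample notAfter string is the one quoted in the thread.

```python
import imaplib
import ssl
import sys
import time

DAY = 86400
# notAfter value taken from the certificate quoted in the thread
SAMPLE_NOT_AFTER = "Jul 22 11:11:28 2018 GMT"

def classify(not_after, now=None, warn_days=14):
    """Return (state, days_left) for a certificate notAfter string."""
    now = time.time() if now is None else now
    days_left = (ssl.cert_time_to_seconds(not_after) - now) / DAY
    if days_left < 0:
        return "EXPIRED", days_left
    if days_left < warn_days:
        return "EXPIRING", days_left
    return "OK", days_left

def check_imap_starttls(host, port=143, warn_days=14, timeout=10):
    """Check the certificate the mail daemon presents, not the web server's."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and dates
    imap = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        imap.starttls(ssl_context=ctx)
        cert = imap.socket().getpeercert()
        return classify(cert["notAfter"], warn_days=warn_days)
    except ssl.SSLCertVerificationError as exc:
        # A stale (expired) certificate fails verification during the handshake,
        # so there is no parsed certificate to compute days from.
        return "REJECTED: " + exc.verify_message, None
    finally:
        try:
            imap.shutdown()
        except OSError:
            pass  # socket already torn down by the failed handshake

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_imap_cert.py <mail-host>")
    state, days = check_imap_starttls(sys.argv[1])
    print(state if days is None else "%s (%.1f days left)" % (state, days))
    sys.exit(0 if state == "OK" else 1)
```

Run from cron after each renewal window, a non-zero exit status is the cue to reload the daemon that is still holding the old certificate in memory.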