On 3.12.2010, at 2.15, Tim Traver wrote:
local 209.132.xx.4 {
  ssl_cert = *.xxxxx.com.crt-pem-298
  ssl_key = .xxxxx.com.key-298
}
I have several of these, and there appears to be a problem with one in particular that is dropping connections, and I'm not sure why.
Your doveconf output has two and here you say several. So are there multiple ones that work or only one?
This particular one drops the connection when I try to connect to IMAP using TLS on port 143, or using the IMAP SSL port of 993. When I try it using Thunderbird, I am using the default settings for both tests.
Test with openssl s_client -connect localhost:993
The Thunderbird error I get is "The server has disconnected. The server may have gone down or there may be a network problem." I don't see any errors in the dovecot error log or the system error log, and when using doveadm who to view the current connections, it does not show a connection. I tried enabling the logs for SSL errors, but nothing appears for my IP when attempting to connect.
Set verbose_ssl=yes to log more stuff about SSL.
But, I don't know how that would make a difference since one of the separated IPs works with its cert, and the other one disconnects.
Would be easiest if you could test with a simple setup where there is only a single SSL cert. Then it would be clear if the problem has to do with SSL cert itself or about the per-IP settings.
If it has to do with SSL cert, you could also try if you can connect with s_client to openssl s_server running with that cert.
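
The check suggested in this reply, sketched as an added example that is not part of the original message: it serves one cert/key pair with openssl s_server, connects with s_client, and confirms the certificate received is the one on disk. The function names, the port 14993 and the throwaway self-signed pair are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): test one cert/key pair outside Dovecot.
# The port and the self-signed pair are constructed; use the real files instead.

make_test_pair() {    # $1 = cert to write, $2 = key to write
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$2" -out "$1" 2>/dev/null
}

# Succeeds when the certificate's public key belongs to the private key.
cert_matches_key() {  # $1 = cert, $2 = key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Serves the pair with s_server, connects with s_client, and succeeds when
# the certificate received over TLS is the one stored in the file.
handshake_ok() {      # $1 = cert, $2 = key, $3 = port
    # -www makes s_server answer with a status page instead of relaying
    # stdin, so it can run in the background.
    openssl s_server -accept "127.0.0.1:$3" -cert "$1" -key "$2" -www \
        >/dev/null 2>&1 &
    srv=$!
    sleep 1
    served=$(openssl s_client -connect "127.0.0.1:$3" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null) || true
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    wanted=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    [ -n "$served" ] && [ "$served" = "$wanted" ]
}

# Demo run on a constructed pair.
tmp=$(mktemp -d)
make_test_pair "$tmp/cert.pem" "$tmp/key.pem"
cert_matches_key "$tmp/cert.pem" "$tmp/key.pem" && echo "key matches certificate"
handshake_ok "$tmp/cert.pem" "$tmp/key.pem" 14993 && echo "handshake served the expected certificate"
rm -rf "$tmp"
```

If the pair passes here but the per-IP `local` block still drops connections, the certificate itself is unlikely to be the cause.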