Usually with LE, the filename is fullchain.pem, not chain.pem.
Can you please doublecheck this?
Also, try
openssl s_client -connect hostname:143 -starttls imap
Aki
On February 17, 2017 at 10:31 PM Bastian Sebode <b.sebode@linet-services.de> wrote:
Hey Robert,
thanks for your reply.
Am 17.02.2017 um 19:28 schrieb Robert L Mathews:
Looking at your dovecot -n, you're using two different files here:
ssl_cert = </etc/ssl/sebode-online.de/chain.pem ssl_key = </etc/ssl/sebode-online.de/key.pem
Are you sure these two files match, and contain the right things in the right order?
Yes, unfortunately I'm sure that everything has the right order. As you can see in the trace, both certificates (mine and the intermediate) get transferred to the client on connection.
We use a single PEM file as input for both of these parameters, and that PEM file contains, in this order:
-----BEGIN RSA PRIVATE KEY----- ... -----BEGIN CERTIFICATE----- ... -----BEGIN CERTIFICATE-----
... where the first BEGIN CERTIFICATE is the specific hostname one, and the second BEGIN CERTIFICATE is the Let's Encrypt X3 intermediate certificate that ends with "DNFu0Qg==".
Tried that, but without success. But your usage doesn't seem right to me. The parameters are not called ssl_cert and ssl_key for nothing. ;-) Normally you don't want your private key to have any other permissions than 600.
You're also manually specifying these non-default parameters:
ssl_cipher_list = ... ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv2 !SSLv3
For testing, I would simplify. Does it work without any of those three things set?
Tried this before. I set all SSL specific settings exactly like my friend where it works without a problem. But it doesn't work for me.
Thanks anyway for your effort! Bastian
Bastian Sebode Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken: www.twitter.com/linetservices | www.facebook.com/linetservices Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516