config: Error: Conflict in setting ssl_cert found from filter
Hi!
I see this intermittent error with my dovecot setup.
The most puzzling part is that it sometimes works and sometimes rejects connections, spitting out the log I attached in systeport (DNS).
I am binding both ipv4 (TLS+SNI) and ipv6 (dedicated addresses). TLS certificates for corresponding DNS are shared across ipv4 / ipv6.
Thank you, Best regards, Jan
On 13/09/2023 05:01 EEST Ján Ondrušek <ondrusek.jan@gmail.com> wrote:
Hi!
I see this intermittent error with my dovecot setup.
The most puzzling part is that it sometimes works and sometimes rejects connections, spitting out the log I attached in systeport (DNS).
I am binding both ipv4 (TLS+SNI) and ipv6 (dedicated addresses). TLS certificates for corresponding DNS are shared across ipv4 / ipv6.
Thank you, Best regards, Jan
Any chance you could send set of config files that reproduce this issue, or your original config files?
Aki
The only modification in the configs I sent is to shorten the domain names and IPv6 prefixes. Is there anything else I should’ve attached?
A full repro would require TLS certificates and keys too.
Thanks, Jan
On Tue, Sep 12, 2023 at 10:54 PM Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
On 13/09/2023 05:01 EEST Ján Ondrušek <ondrusek.jan@gmail.com> wrote:
Hi!
I see this intermittent error with my dovecot setup.
The most puzzling part is that it sometimes works and sometimes rejects connections, spitting out the log I attached in systeport (DNS).
I am binding both ipv4 (TLS+SNI) and ipv6 (dedicated addresses). TLS certificates for corresponding DNS are shared across ipv4 / ipv6.
Thank you, Best regards, Jan
Any chance you could send set of config files that reproduce this issue, or your original config files?
Aki
Can you do some experimenting with openssl s_client?
openssl s_client -connect ipv6 -servername dnsname server:993
see if this triggers it?
Aki
On 13/09/2023 18:37 EEST Ján Ondrušek <ondrusek.jan@gmail.com> wrote:
The only modification in the configs I sent is to shorten the domain names and IPv6 prefixes. Is there anything else I should’ve attached?
A full repro would require TLS certificates and keys too.
Thanks, Jan
On Tue, Sep 12, 2023 at 10:54 PM Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
On 13/09/2023 05:01 EEST Ján Ondrušek <ondrusek.jan@gmail.com> wrote:
Hi!
I see this intermittent error with my dovecot setup.
The most puzzling part is that it sometimes works and sometimes rejects connections, spitting out the log I attached in systeport (DNS).
I am binding both ipv4 (TLS+SNI) and ipv6 (dedicated addresses). TLS certificates for corresponding DNS are shared across ipv4 / ipv6.
Thank you, Best regards, Jan
Any chance you could send set of config files that reproduce this issue, or your original config files?
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
participants (2)
-
Aki Tuomi
-
Ján Ondrušek