[Dovecot] SSL issues on separate IPs
Timo Sirainen
tss at iki.fi
Fri Dec 3 06:47:06 EET 2010
On 3.12.2010, at 2.15, Tim Traver wrote:
> local 209.132.xx.4 {
> ssl_cert = </shared/templates/res/1040/certs/*.xxxxx.com.crt-pem-298
> ssl_key = </shared/templates/res/1040/certs/*.xxxxx.com.key-298
> }
>
> I have several of these, and there appears to be a problem with one in
> particular that is dropping connections, and I'm not sure why.
Your doveconf output has two and here you say several. So are there multiple ones that work or only one?
> This particular one drops the connection when I try to connect to IMAP
> using TLS on port 143, or using the IMAP SSL port of 993. When I try it
> using Thunderbird, I am using the default settings for both tests.
Test with openssl s_client -connect localhost:993
> The Thunderbird error I get is "The server has disconnected. The server
> may have gone down or there may be a network problem." I don't see any
> errors in the dovecot error log or the system error log, and when using
> doveadm who to view the current connections, it does not show a
> connection. I tried enabling the logs for SSL errors, but nothing
> appears for my IP when attempting to connect.
Set verbose_ssl=yes to log more stuff about SSL.
> But, I don't know how that would make a difference since one of the
> separated IP's works with its cert, and the other one disconnects.
Would be easiest if you could test with a simple setup where there is only a single SSL cert. Then it would be clear if the problem has to do with SSL cert itself or about the per-IP settings.
If it has to do with SSL cert, you could also try if you can connect with s_client to openssl s_server running with that cert.
More information about the dovecot
mailing list