Problem with Let's Encrypt Certificate

Robert L Mathews lists at tigertech.com
Fri Feb 17 18:28:28 UTC 2017


On 2/17/17 8:58 AM, Bastian Sebode wrote:

> I uploaded two Wireshark tracefiles, further logs and dovecot -n

Looking at your dovecot -n, you're using two different files here:

ssl_cert = </etc/ssl/sebode-online.de/chain.pem
ssl_key = </etc/ssl/sebode-online.de/key.pem

Are you sure these two files match, and contain the right things in the
right order?

We use a single PEM file as input for both of these parameters, and that
PEM file contains, in this order:

-----BEGIN RSA PRIVATE KEY-----
...
-----BEGIN CERTIFICATE-----
...
-----BEGIN CERTIFICATE-----

... where the first BEGIN CERTIFICATE is the specific hostname one, and
the second BEGIN CERTIFICATE is the Let's Encrypt X3 intermediate
certificate that ends with "DNFu0Qg==".

You're also manually specifying these non-default parameters:

ssl_cipher_list = ...
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3

For testing, I would simplify. Does it work without any of those three
things set?

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
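
Added example, not part of the original post: a shell sketch of the two checks the message raises, namely whether the PEM blocks appear in the stated order and whether the private key belongs to the first certificate. The function names are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Dovecot tooling.

# Print the label of every PEM "BEGIN" line in file order, comma-separated.
pem_labels() {
    tr -d '\r' < "$1" |
        sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' |
        paste -sd, -
}

# Succeed only if the file is laid out as described in the post:
# private key first, then the hostname certificate, then one intermediate.
combined_pem_ok() {
    case "$(pem_labels "$1")" in
        "PRIVATE KEY,CERTIFICATE,CERTIFICATE") return 0 ;;
        "RSA PRIVATE KEY,CERTIFICATE,CERTIFICATE") return 0 ;;
        "EC PRIVATE KEY,CERTIFICATE,CERTIFICATE") return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the private key in $1 and the FIRST certificate in $2
# carry the same public key. Returns 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Usage: sh check.sh KEY_FILE CERT_FILE  (same path twice for a combined file)
if [ "$#" -eq 2 ]; then
    echo "key file blocks:  $(pem_labels "$1")"
    echo "cert file blocks: $(pem_labels "$2")"
    if key_matches_cert "$1" "$2"; then
        echo "private key matches first certificate"
    else
        echo "MISMATCH or unreadable input" >&2
        exit 1
    fi
fi
```

For the two-file setup quoted above, pass `key.pem` as the first argument and `chain.pem` as the second; a mismatch there usually means the hostname certificate is not the first block in the chain file.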

