ot: LE server conf setup/ iPhone 'expired cert' message

Voytek Eymont voytek at sbt.net.au
Sun Jul 22 16:52:22 EEST 2018


On Sun, July 22, 2018 11:22 pm, dclist at list.jmatt.net wrote:

> Usually, a browser connects to a web server on port 443, while an email
> client connects to an IMAP or POP server on a different port, served by
> different software.  Just because your browser receives a current/valid
> cert, that doesn’t mean your dovecot server is sending the same
> certificate.
>
> Assuming the sbt.net.au in your email address is the
> address of your dovecot server, I tried
>
> openssl s_client -connect sbt.net.au:143 -starttls imap
>
> And received a cert which includes:
>
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 03:5b:41:a6:f4:a6:33:eb:5b:ac:af:b8:20:96:f4:0e:20:b9
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
> Validity
> Not Before: Apr 23 11:11:28 2018 GMT
> Not After : Jul 22 11:11:28 2018 GMT
> Subject: CN=geko.sbt.net.au
>
>
>
> Dovecot is sending an expired cert.  Pascal is correct; you need to
> restart it.

Pascal, "dclist", thanks!!

I've restarted Dovecot, and, I think it's OK now

sorry, I've panicked as googling turned up multiple iPhone/cert issues, and,
rather than properly testing first, I stupidly panicked...

thanks for explanation, thanks for testing!!

so, basically, after each renewal of server's cert I should remember to
reload Dovecot (and maybe Postfix too?)

thanks again,

-- 
Voytek
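
The check discussed in this thread (is the daemon still serving the pre-renewal certificate?) can be automated. The script below is an added example, not part of the original messages: it compares the leaf certificate Dovecot presents over IMAP STARTTLS with the first certificate in the renewed PEM file on disk. The function names and the command-line arguments (host and path to the PEM bundle) are assumptions.

```python
import base64
import hashlib
import imaplib
import re
import ssl
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def leaf_der_from_pem(pem_text):
    """DER bytes of the first certificate in a PEM bundle (the leaf)."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no certificate block found")
    return base64.b64decode("".join(m.group(1).split()))


def served_leaf_der(host, port=143, timeout=10):
    """Fetch the leaf certificate the IMAP daemon presents after STARTTLS."""
    # Verification is off on purpose: an expired certificate must still be
    # retrievable so it can be compared. No credentials are sent.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        conn.starttls(ssl_context=ctx)
        return conn.socket().getpeercert(binary_form=True)
    finally:
        conn.shutdown()


def needs_reload(served_der, disk_pem_text):
    """True when the daemon serves a different cert than the one on disk."""
    on_disk = hashlib.sha256(leaf_der_from_pem(disk_pem_text)).digest()
    return hashlib.sha256(served_der).digest() != on_disk


if __name__ == "__main__":
    # Usage (arguments are assumptions): check.py HOST /path/to/fullchain.pem
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        stale = needs_reload(served_leaf_der(host), fh.read())
    print("STALE: reload the daemon" if stale else "OK: served cert matches disk")
    sys.exit(1 if stale else 0)
```

Exit status 1 means the running daemon has not picked up the file on disk. The script only covers IMAP on port 143; an SMTP daemon such as Postfix listens on other ports and needs its own check.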


