SSL errors after certificate renewal

Ben Burk ben at burk.tech
Wed Sep 8 07:09:22 EEST 2021 

You'd need to include alot more information if you're looking for 
resolution.


 1. How are you renewing your certs. Are you re-keying when you renew?
 2. What is your ssl_cert? Is it a single cert or a chain?


I'd set ssl_min_protocol = TLSv1.1 at the very least, probably TLSv1.2 
if your users clients can handle it


If you're looking for pointers, I'd try googling the errors.

https://serverfault.com/questions/806141/is-the-alert-ssl3-read-bytessslv3-alert-bad-certificate-indicating-that-the-s/806175
https://community.letsencrypt.org/t/mobile-clients-ssl-alert-number-46/124608/4


On 9/7/21 2:24 PM, Marc wrote:
>
> nothing comenting about more knowledgable, but ssl3 nobody uses. it is even adviced not to use tls 1.1 and below
>
>
>> Separate subject, but couldn't help but notice, SSL3 is being used?
>> Wasn't SSL3 retired because of POODLE exploits? Can someone more
>> knowledgeable confirm?
>>
>>
>> On 9/7/21 11:05, Steve Dondley wrote:
>>
>>
>> 	On 2021-09-07 01:25 PM, Amol Kulkarni wrote:
>>
>> 		Hello,
>>
>>
>> 		After I replaced my certificate with a new one yesterday, I'm
>> seeing some ssl related errors. There are successful pop/imap logins
>> using SSL also. So I think the certificate in itself is fine. No user
>> has complained as yet, so I don't know for sure. However the count of
>> errors has surely increased after installing the new certificate.
>> 		There are 2 errors seen :
>> 		dovecot: imap-login: Disconnected (no auth attempts in 1
>> secs): user=<>, rip=, lip
>> 		=, TLS handshaking: SSL_accept() failed: error:14094416:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert
>> number 46, session=<9m0AnVnL
>> 		2pHf4hso>
>>
>>
>> 		dovecot: imap-login: Disconnected (no auth attempts in 0
>> secs): user=<>, rip=, lip
>> 		=, TLS: SSL_read() failed: error:14094412:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number
>> 42, session=<ww/b6VfLmeR7yTog>
>>
>> 		Kindly help with some pointers.
>>
>> 		Thanks and Regards,
>> 		Amol
>>
>> 	I assume you tried restarting dovecot, but just in case...

-- 
Ben Burk
BURK.TECH System Administrator

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210907/29b5de16/attachment.html>

More information about the dovecot mailing list