Received invalid SSL certificate: unable to get certificate CRL

Markus Winkler ml at irmawi.de
Tue Jan 25 08:16:10 UTC 2022


Hi Laura,

On Mon, 24 Jan 2022 at 08:25:12PM +0000, Laura Smith wrote:
> I'm having a frustrating problem trying to use "doveadm sync" to pull
> mails off a server for migration purposes.
>
> # 2.3.17.1 (476cd46418): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.17.1 (a1a0b892)
> # OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2
>
> I have tried both explicit "ssl_client_ca_dir = /etc/ssl/certs" and commenting it out (i.e. relying on OpenSSL default per the 
> docs)
>
> I always get the same:
> Info: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Internet Security Research Group/CN=ISRG Root 
> X1 (check ssl_client_ca_* se
> ttings?)

just an idea, but maybe that's the problem?:

https://doc.dovecot.org/configuration_manual/authentication/proxies/

"Note
ssl_client_ca_dir or ssl_client_ca_file aren’t currently used for verifying the
remote certificate, although ideally they will be in a future Dovecot version. For
now you need to add the trusted remote certificates to ssl_ca."

Regards,
Markus



More information about the dovecot mailing list