<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Looks fine from my side, both on pop3s<br>
</font>
<hr><font face="monospace"><br>
ychaouche#ychaouche-PC 13:58:25 ~ $ openssl s_client -connect
103.106.168.105:<b>995</b> -CApath /etc/ssl/certs<br>
CONNECTED(00000003)<br>
depth=2 O = Digital Signature Trust Co., CN = DST Root CA
X3
<br>
verify return:1<br>
depth=1 C = US, O = Let's Encrypt, CN = R3<br>
verify return:1<br>
depth=0 CN = emu.sbt.net.au<br>
verify return:1<br>
---<br>
Certificate chain<br>
0 s:/CN=emu.sbt.net.au<br>
i:/C=US/O=Let's Encrypt/CN=R3<br>
1 s:/C=US/O=Let's Encrypt/CN=R3<br>
i:/O=Digital Signature Trust Co./CN=DST Root CA X3<br>
---<br>
Server certificate<br>
-----BEGIN CERTIFICATE-----<br>
[...]<br>
-----END CERTIFICATE-----<br>
subject=/CN=emu.sbt.net.au<br>
issuer=/C=US/O=Let's Encrypt/CN=R3<br>
---<br>
[...]<br>
Start Time: 1614694135<br>
Timeout : 300 (sec)<br>
<b>Verify return code: 0 (ok)</b><br>
---<br>
+OK Dovecot ready.<br>
^C<br>
ychaouche#ychaouche-PC 15:09:01 ~ $<br>
<br>
</font>
<hr><font face="monospace"><br>
and on pop3 with starttls<br>
<br>
</font>
<hr><font face="monospace"><br>
<br>
ychaouche#ychaouche-PC 15:14:28 ~ $ openssl s_client<b> -starttls
pop3</b> -connect 103.106.168.105<b>:pop3</b> -CApath
/etc/ssl/certs<br>
CONNECTED(00000003)<br>
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3<br>
verify return:1<br>
depth=1 C = US, O = Let's Encrypt, CN = R3<br>
verify return:1<br>
depth=0 CN = emu.sbt.net.au<br>
verify return:1<br>
---<br>
Certificate chain<br>
0 s:/CN=emu.sbt.net.au<br>
i:/C=US/O=Let's Encrypt/CN=R3<br>
1 s:/C=US/O=Let's Encrypt/CN=R3<br>
i:/O=Digital Signature Trust Co./CN=DST Root CA X3<br>
---<br>
Server certificate<br>
-----BEGIN CERTIFICATE-----<br>
[...]<br>
-----END CERTIFICATE-----<br>
subject=/CN=emu.sbt.net.au<br>
issuer=/C=US/O=Let's Encrypt/CN=R3<br>
---<br>
[...]<br>
Start Time: 1614694499<br>
Timeout : 300 (sec)<br>
Verify return code: 0 (ok)<br>
---<br>
+OK Dovecot ready.<br>
^C<br>
ychaouche#ychaouche-PC 15:15:04 ~ $<br>
<br>
</font>
<hr><font face="monospace"><br>
</font><br>
<br>
<br>
<div class="moz-cite-prefix">On 3/2/21 at 1:41 PM, Erwan David wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5fe66061-da69-7d88-a839-faf9d9a23507@rail.eu.org">
<pre class="moz-quote-pre" wrap="">On 02/03/2021 at 13:29, Voytek Eymont wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">For a couple of days, one of the users has reported getting an expired certificate
error in TB. Looking at the log, I can see entries like:
Mar 02 21:46:24 pop3-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=111.222.333.444, lip=103.106.168.105, TLS: SSL_read
failed: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired: SSL alert number 45, session=<...>
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Here it is the certificate presented on the pop3 port (either port 110
with a STLS command or port 995)
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">but, looking at server with
<a class="moz-txt-link-freetext" href="https://ssl-tools.net/mailservers/emu.sbt.net.au">https://ssl-tools.net/mailservers/emu.sbt.net.au</a> it says 'valid' as does
certbot tool
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Here it seems the site tests the smtp server (on port 25), which is not
handled by dovecot. You probably have different certificates on both.
</pre>
</blockquote>
<br>
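<p>Added example, not part of the original messages: a shell sketch of the check the quoted reply points to. It prints the subject, expiry date and SHA-256 fingerprint of the certificate presented on port 995, on port 110 after STLS, and on port 25 after STARTTLS, so a listener serving a different or stale certificate stands out. The function names and the optional warning-window argument are assumptions of this sketch.</p>

```shell
#!/bin/sh
# Added example, not from the thread. Ports and STARTTLS modes are the ones
# discussed in the messages; function names are made up for this sketch.

# Read one PEM certificate on stdin and print "STATUS | subject | notAfter | fingerprint".
# $1 = warning window in seconds (default 0, i.e. "already expired?").
# Returns 0 if valid past the window, 1 if it expires within it, 2 if unreadable.
cert_summary() {
    pem=$(cat)
    if ! subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject 2>/dev/null); then
        echo "UNREADABLE | no certificate received"
        return 2
    fi
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate)
    fp=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256)
    if printf '%s\n' "$pem" | openssl x509 -noout -checkend "${1:-0}" >/dev/null; then
        status=OK rc=0
    else
        status=EXPIRING rc=1
    fi
    printf '%s | %s | %s | %s\n' "$status" "$subject" "$end" "$fp"
    return "$rc"
}

# Print the leaf certificate a listener presents.
# $1 = host, $2 = port, $3 = -starttls protocol name, or empty for implicit TLS.
fetch_cert() {
    if [ -n "$3" ]; then
        openssl s_client -connect "$1:$2" -starttls "$3" </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1:$2" </dev/null 2>/dev/null
    fi | openssl x509 2>/dev/null
}

# Check every TLS entry point named in the thread and show which certificate each serves.
check_mail_host() {
    for target in 995: 110:pop3 25:smtp; do
        port=${target%%:*}
        proto=${target#*:}
        printf 'port %s: ' "$port"
        fetch_cert "$1" "$port" "$proto" | cert_summary "${2:-0}"
    done
    return 0
}

# Usage: sh check_mail_certs.sh HOST [WARN_SECONDS]
if [ "$#" -gt 0 ]; then
    check_mail_host "$@"
fi
```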
</body>
</html>