<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>You'd need to include alot more information if you're looking for
      resolution.</p>
    <p><br>
    </p>
    <ol>
      <li>How are you renewing your certs. Are you re-keying when you
        renew?<br>
      </li>
      <li>What is your ssl_cert? Is it a single cert or a chain?<br>
      </li>
    </ol>
    <div class="moz-cite-prefix"><br>
      I'd set ssl_min_protocol = TLSv1.1 at the very least, probably
      TLSv1.2 if your users clients can handle it</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">If you're looking for pointers, I'd try
      googling the errors.<br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix"><a class="moz-txt-link-freetext" href="https://serverfault.com/questions/806141/is-the-alert-ssl3-read-bytessslv3-alert-bad-certificate-indicating-that-the-s/806175">https://serverfault.com/questions/806141/is-the-alert-ssl3-read-bytessslv3-alert-bad-certificate-indicating-that-the-s/806175</a><br>
    </div>
    <div class="moz-cite-prefix"><a class="moz-txt-link-freetext" href="https://community.letsencrypt.org/t/mobile-clients-ssl-alert-number-46/124608/4">https://community.letsencrypt.org/t/mobile-clients-ssl-alert-number-46/124608/4</a><br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 9/7/21 2:24 PM, Marc wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:c26783abf9be40bbac9ab45b536cd880@f1-outsourcing.eu">
      <pre class="moz-quote-pre" wrap="">

nothing comenting about more knowledgable, but ssl3 nobody uses. it is even adviced not to use tls 1.1 and below


</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap="">Separate subject, but couldn't help but notice, SSL3 is being used?
Wasn't SSL3 retired because of POODLE exploits? Can someone more
knowledgeable confirm?


On 9/7/21 11:05, Steve Dondley wrote:


        On 2021-09-07 01:25 PM, Amol Kulkarni wrote:

                Hello,


                After I replaced my certificate with a new one yesterday, I'm
seeing some ssl related errors. There are successful pop/imap logins
using SSL also. So I think the certificate in itself is fine. No user
has complained as yet, so I don't know for sure. However the count of
errors has surely increased after installing the new certificate.
                There are 2 errors seen :
                dovecot: imap-login: Disconnected (no auth attempts in 1
secs): user=<>, rip=, lip
                =, TLS handshaking: SSL_accept() failed: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert
number 46, session=<9m0AnVnL
                2pHf4hso>


                dovecot: imap-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=, lip
                =, TLS: SSL_read() failed: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number
42, session=<ww/b6VfLmeR7yTog>

                Kindly help with some pointers.

                Thanks and Regards,
                Amol

        I assume you tried restarting dovecot, but just in case...
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
</pre>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Ben Burk
BURK.TECH System Administrator</pre>
  </body>
</html>