Hey Robert, thanks for your reply.
Am 17.02.2017 um 19:28 schrieb Robert L Mathews: > Looking at your dovecot -n, you're using two different files here: > > ssl_cert = </etc/ssl/sebode-online.de/chain.pem > ssl_key = </etc/ssl/sebode-online.de/key.pem > > Are you sure these two files match, and contain the right things in the > right order? > Yes, unfortunately I'm sure that everything has the right order. As you can see in the trace, both certificates (mine and the intermediate) get transferred to the client on connection. > We use a single PEM file as input for both of these parameters, and that > PEM file contains, in this order: > > -----BEGIN RSA PRIVATE KEY----- > ... > -----BEGIN CERTIFICATE----- > ... > -----BEGIN CERTIFICATE----- > > ... where the first BEGIN CERTIFICATE is the specific hostname one, and > the second BEGIN CERTIFICATE is the Let's Encrypt X3 intermediate > certificate that ends with "DNFu0Qg==". > Tried that, but without success. But your usage doesn't seem right to me. The parameters are not called ssl_cert and ssl_key for nothing. ;-) Normally you don't want your private key to have any other permissions than 600. > You're also manually specifying these non-default parameters: > > ssl_cipher_list = ... > ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 > > For testing, I would simplify. Does it work without any of those three > things set? > Tried this before. I set all SSL specific settings exactly like my friend where it works without a problem. But it doesn't work for me. Thanks anyway for your effort! Bastian -- Bastian Sebode Fachinformatiker Systemintegration LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de LINET in den sozialen Netzwerken: www.twitter.com/linetservices | www.facebook.com/linetservices Wissenswertes aus der IT-Welt: www.linet-services.de/blog/ Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus HR B 9170 Amtsgericht Braunschweig USt-IdNr. DE 259 526 516
