> On 12/04/2021 17:13 Christopher Wensink <cwens...@five-star-plastics.com> wrote:
>
> Dovecot Team,
>
> I need a little help. I came in this morning and it seems like the SSL
> Certificates expired for dovecot (on an internal mail server) and nobody
> can move email into their folders on this server. In Thunderbird they
> just see in the status bar: HISTORY: checking mail server capabilities...
>
> In /var/log/maillog:
> --------
> Apr 12 09:02:26 mario2 dovecot: imap-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.5.1.85, lip=10.5.1.17, TLS:
> SSL_read() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3
> alert bad certificate: SSL alert number 42, session=<H5iu9sa/Me0KBQFV>
>
> I have tried:
>
> - Restarting Dovecot
> - Restarting the whole mail server
> - Re-creating the .pem files, first moving the old files in
>   /etc/pki/dovecot/certs and /etc/pki/dovecot/private from dovecot.pem to
>   dovecot-old.pem,
> - Re-creating a new dovecot.pem using the mkcert.sh script in the doc
>   folder in /usr/share/doc/dovecot-2.2.36/,
> - restarting dovecot
> - changing the cert values in dovecot-openssl.cnf
>
> I also tried creating new .crt and key files using this tutorial:
> https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/
>
> I need some assistance, thank you for your help.
>
> Chris

Please use real certs if possible. Otherwise you need to install the used CA certificate, or the self-signed certificate, to all the clients. Or reset the exception there, and then tell all your users to redo the exception.

Using real certs is easier.

Aki