On Sun, Dec 05, 2021, russellb...@gmail.com wrote:

> Dec  5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: 
> SSL_CTX_use_certificate_file(/etc/ssl/certs/server.csr) failed
> Dec  5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: 
> SSL_CTX_check_private_key failed(/etc/ssl/certs/server.key): 0

The private key does not match the cert; see the man pages
for those functions.
Check your ClientCertFile and ClientKeyFile settings.

> Dec  5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: load verify 
> locs /etc/ssl/certs/, /etc/ssl/certs/server.csr failed: 0

> The messages go through.  I use a certificate issued by gmail

That's because a client cert is not needed to send mail.

> - if it's invalid I can't pick up mail with POP.

You could try
openssl s_server ...
with that cert/key and check its complaints.

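An added example, not part of the original message: a shell check for the two failures in the quoted log, a certificate file that does not hold a certificate (a file named `.csr` is conventionally a certificate signing request) and a private key that does not match the certificate. It assumes the `openssl` command-line tool and an unencrypted key; the function names and the sample files built by `make_samples` are constructed for this illustration.

```shell
#!/bin/sh
# Added example: check that a PEM certificate file and a private key file
# form a usable pair. Assumes the openssl CLI and an unencrypted key.

# Classify a PEM file by its first BEGIN header line.
pem_kind() {
    case "$(grep -m1 -e '-----BEGIN ' "$1" 2>/dev/null)" in
        *'CERTIFICATE REQUEST-----') echo csr ;;
        *'BEGIN CERTIFICATE-----')   echo certificate ;;
        *'PRIVATE KEY-----')         echo private-key ;;
        *)                           echo unknown ;;
    esac
}

# Return 0 if the pair matches, 1 if a file holds the wrong kind of object
# (or cannot be parsed), 2 if the public keys differ.
check_pair() {
    cert=$1; key=$2
    kind=$(pem_kind "$cert")
    [ "$kind" = certificate ] || { echo "$cert: holds '$kind', not a certificate"; return 1; }
    kind=$(pem_kind "$key")
    [ "$kind" = private-key ] || { echo "$key: holds '$kind', not a private key"; return 1; }
    # Compare the public key embedded in the certificate with the one
    # derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "$cert and $key: public keys differ"; return 2; }
    echo "$cert and $key: match"
}

# Build constructed sample files in directory $1: a.key with its self-signed
# a.crt, a CSR a.csr for the same key, and an unrelated key b.key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=example.test \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj /CN=example.test -out "$1/a.csr" 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
}

# When given two arguments, check them as certificate file and key file.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it with the ClientCertFile and ClientKeyFile paths as its two arguments, for the log above `/etc/ssl/certs/server.csr` and `/etc/ssl/certs/server.key`.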