On Sun, Nov 10, 2024 at 07:16:12AM -0500, Scott K via Postfix-users wrote:
> My mail server stopped working with this error:
>
> TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3
> alert bad certificate: SSL alert number 42
Far too little context, but we have is:
- Since it is SSL_accept() and not SSL_connect() that's failing, the
problem is in the incoming smtpd(8) service.
- Since the reported problem is an "alert", the problem condition was
detected by the remote TLS client, and reported to the TLS server.
- The client is apparently unhappy with your certificate, perhaps
because you have DANE or MTA-STS, or because the particular client
is specifically configured to require a validatable certificate
at least from your server. Or because your certificate is so
badly malformed, that it is unsuitable for use on a TLS server
even before worrying about path validation and name checks.
What's missing (unmangled whitespace reports of):
- $ postconf -nf
- $ postconf -Mf
- ideally unabridged logging showing the client IP address and hostname
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
