> On Sep 21, 2019, at 9:03 AM, benoit <ben...@z-elec.com> wrote:
>
> I have a problem with my postfix sever, I can't connect with TLS, I have this
> error:
>
> Sep 21 10:40:32 jolly postfix/smtpd[23341]: warning: TLS library problem:
> error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
> unknown:../ssl/record/rec_layer_s3.c:1536:SSL alert number 46:
* Since the report is from smtpd(8), this is an incoming
SMTP connection from an client.
* The client's TLS stack is sending a TLS fatal alert message
to the server
* The alert in question is a "certificate unknown" alert, which
might indicate that your certificate chain is issued by an
unknown CA, *OR* is incomplete.
A common mistake is to leave out intermediate issuer certificates
from your server chain, and provide just the leaf certificate.
DONT DO THAT. With Let's Encrypt, use "fullchain.pem".
* It is also possible that the client's alert is "imprecise" and
the certificate name does not match the server name, or some
other certificate related problem. Diagnostic information on
the client might shed more light on the issue.
--
Viktor.
