Re: SSL errors after certificate renewal

2021-09-08 Thread Stuart Henderson
On 2021-09-07, Amol Kulkarni wrote: > After I replaced my certificate with a new one yesterday, I'm seeing some > ssl related errors. There are successful pop/imap logins using SSL also. So > I think the certificate in itself is fine. No user has complained as yet, > so I don't know for sure. Howe

Re: SSL errors after certificate renewal

2021-09-07 Thread Aki Tuomi
> On 07/09/2021 20:25 Amol Kulkarni wrote: > > > Hello, > > > After I replaced my certificate with a new one yesterday, I'm seeing some ssl > related errors. There are successful pop/imap logins using SSL also. So I > think the certificate in itself is fine. No user has complained as yet,

Re: SSL errors after certificate renewal

2021-09-07 Thread Stuart Henderson
On 2021-09-07, N wrote: > Separate subject, but couldn't help but notice, SSL3 is being used? > Wasn't SSL3 retired because of POODLE exploits? Can someone more > knowledgeable confirm? "sslv3 alert certificate unknown" does not mean that SSLv3 is used.

Re: SSL errors after certificate renewal

2021-09-07 Thread Jochen Bern
On 07.09.21 19:25, Amol Kulkarni wrote: > After I replaced my certificate with a new one yesterday, I'm seeing some > ssl related errors. [...] > dovecot: imap-login: Disconnected (no auth attempts in 1 secs): [...] > dovecot: imap-login: Disconnected (no auth attempts in 0 secs): [...] These log

Re: SSL errors after certificate renewal

2021-09-07 Thread Ben Burk
You'd need to include alot more information if you're looking for resolution. 1. How are you renewing your certs. Are you re-keying when you renew? 2. What is your ssl_cert? Is it a single cert or a chain? I'd set ssl_min_protocol = TLSv1.1 at the very least, probably TLSv1.2 if your users c

RE: SSL errors after certificate renewal

2021-09-07 Thread Marc
nothing comenting about more knowledgable, but ssl3 nobody uses. it is even adviced not to use tls 1.1 and below > Separate subject, but couldn't help but notice, SSL3 is being used? > Wasn't SSL3 retired because of POODLE exploits? Can someone more > knowledgeable confirm? > > > On 9/7/21 1

Re: SSL errors after certificate renewal

2021-09-07 Thread N
Separate subject, but couldn't help but notice, SSL3 is being used? Wasn't SSL3 retired because of POODLE exploits? Can someone more knowledgeable confirm? On 9/7/21 11:05, Steve Dondley wrote: On 2021-09-07 01:25 PM, Amol Kulkarni wrote: Hello, After I replaced my certificate with a new on

Re: SSL errors after certificate renewal

2021-09-07 Thread Steve Dondley
On 2021-09-07 01:25 PM, Amol Kulkarni wrote: Hello, After I replaced my certificate with a new one yesterday, I'm seeing some ssl related errors. There are successful pop/imap logins using SSL also. So I think the certificate in itself is fine. No user has complained as yet, so I don't know