
List:       opensuse
Subject:    Re: [oS-en] Problem with dovecot certificates
From:       "David C. Rankin" <drankinatty () suddenlinkmail ! com>
Date:       2023-12-28 5:16:46
Message-ID: 8d7375bb-eccc-4c92-a7ff-3e0ed19495b7 () suddenlinkmail ! com

On 12/27/23 13:12, Carlos E. R. wrote:
> 
> 
> I am seeing these in the mail log, after a recent update (the machine is using 
> Leap 15.4, but I have seen them in a 15.5 machine too (did not study those)):
> 
> <2.6> 2023-12-27T19:48:49.449784+01:00 Telcontar dovecot - - -  imap-login: 
> Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL 
> routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no 
> auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS 
> handshaking: SSL_accept() failed: error:14094412:SSL 
> routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, 
> session=<7qHpP4INzunAqAIT>
> <2.6> 2023-12-27T19:48:49.459538+01:00 Telcontar dovecot - - -  imap-login: 
> Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL 
> routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no 
> auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS 
> handshaking: SSL_accept() failed: error:14094412:SSL 
> routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, 
> session=<aqPpP4INwunAqAIT>
> 
> And Thunderbird can not open some folders.
> 
> 
> 

Very, very long-running problem, e.g. 
https://bugzilla.mozilla.org/show_bug.cgi?id=1671736

Claims it is resolved -- it isn't and never has been. There is something 
botched in tbird's acceptance of a changed self-signed cert. I was hit with 
this just about every year as the cert expired until I finally just went to 
using Let's Encrypt real certificates (you can use the same cert for web and 
mail servers).

I'd load certbot and just get the free cert for your domain, set up your web 
and mail servers to use them and be done with it.

Otherwise, you can't get rid of the old cert cached somewhere in the tbird 
profile and you end up having to install new cert, restart dovecot, delete 
your mailbox from within tbird and re-create it and it will then, and only 
then, give you the ability to "create an exception" for your new self-signed cert.

Royal pain....


-- 
David C. Rankin, J.D.,P.E.
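
Added example, not part of the original messages: a small triage script that counts the TLS alerts dovecot logs per client IP, so you can see which clients are refusing the server certificate. The sample lines are constructed on the model of the excerpt quoted above; `summarize` and `clients_rejecting_cert` are hypothetical helper names.

```python
import re
from collections import Counter

# TLS alert descriptions (RFC 5246, section 7.2); certificate-related subset.
ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

# dovecot login-process lines where SSL_accept() failed with "SSL alert number N".
LINE_RE = re.compile(
    r"(?P<svc>imap-login|pop3-login): .*?SSL_accept\(\) failed: .*?"
    r"SSL alert number (?P<alert>\d+).*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

def summarize(lines):
    """Count TLS alerts per (remote IP, alert name)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            num = int(m["alert"])
            counts[(m["rip"], ALERTS.get(num, f"alert_{num}"))] += 1
    return counts

def clients_rejecting_cert(lines):
    """Remote IPs that sent at least one certificate-related alert."""
    names = set(ALERTS.values())
    return sorted({rip for (rip, name) in summarize(lines) if name in names})

# Constructed sample input (not real log data).
_T = ("host dovecot - - -  imap-login: Disconnected: Connection closed: "
      "SSL_accept() failed: error:{code}:SSL routines:ssl3_read_bytes:{text}: "
      "SSL alert number {n} (no auth attempts in 0 secs): user=<>, rip={rip}, "
      "lip=192.168.1.14, TLS handshaking, session=<constructed>")
SAMPLE = [
    _T.format(code="14094412", text="sslv3 alert bad certificate", n=42, rip="192.168.2.19"),
    _T.format(code="14094412", text="sslv3 alert bad certificate", n=42, rip="192.168.2.19"),
    _T.format(code="14094418", text="tlsv1 alert unknown ca", n=48, rip="192.168.2.30"),
    "host dovecot - - -  imap-login: Login: user=<alice>, method=PLAIN, "
    "rip=192.168.2.19, lip=192.168.1.14, TLS, session=<constructed>",
]

if __name__ == "__main__":
    for (rip, name), n in sorted(summarize(SAMPLE).items()):
        print(f"{rip:15} {name:20} {n}")
```

An address that shows up repeatedly with `bad_certificate` or `unknown_ca` is a client that does not trust the certificate dovecot presents, which fits a stale self-signed certificate exception on that client.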