> On 12/04/2021 17:13 Christopher Wensink <cwensink at
five-star-plastics.com> wrote:
>
>
> Dovecot Team,
>
> I need a little help.? I came in this morning and it seems like the SSL
> Certificates expired for dovecot (on an internal mail server) and nobody
> can move email into? their folders on this server.? In Thunderbird they
> just see in the status bar:? HISTORY: checking mail server capabilities...
>
> In /var/log/maillog:
> --------
> Apr 12 09:02:26 mario2 dovecot: imap-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.5.1.85, lip=10.5.1.17, TLS:
> SSL_read() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3
> alert bad certificate: SSL alert number 42,
session=<H5iu9sa/Me0KBQFV>
>
> I have tried:
>
> -Restarting Dovecot
> -Restarting the whole mail server
> -Re-creating the .pem files, first moving the old files in
> /etc/pki/dovecot/certs and /etc/pki/dovecot/private from dovecot.pem to
> dovecot-old.pem,
> ? - Re-creating a new dovecot.pem using the mkcert.sh script in the doc
> folder in /usr/share/doc/dovecot-2.2.36/,
> ? - restarting dovecot
> ? - changing the cert values in dovecot-openssl.cnf
>
> I also tried creating new .crt and key files using this tutorial:
>
https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/
>
>
> I need some assistance, thank you for your help.
>
> Chris
Please use real certs if possible. Otherwise you need to install the used CA
certificate, or the self-signed certificate, to all the clients. Or reset the
exception there, and then tell all your users to redo the exception. Using real
certs is easier.
Aki