Hello Basti. Maybe you tried LE too early when it was not universally accepted
as a trusted CA?
On Monday, February 20, 2017 2:22 PM, basti <basti at unix-solution.de> wrote:
Hello,
I had the same problem. LE is not in the CA list.
Best Regards,
On 17.02.2017 17:58, Bastian Sebode wrote:
> Hello Folks,
>
> my StartCom SSL-Certificate expires soon and so I wanted to switch to
> Let's Encrypt Certificates instead. Unfortunately Thunderbird seems not
> to like it, although all -tested- other Clients work without any problems.
>
> When I connect with Thunderbird it sends an "Encrypted Alert" directly
> after the TLS handshake although Dovecot wants to continue the session.
>
> In the Dovecot Log it says:
> Feb 17 17:27:17 imap-login: Debug: SSL: where=0x20, ret=1: SSL
> negotiation finished successfully [82.100.242.26]
> Feb 17 17:27:17 imap-login: Debug: SSL: where=0x2002, ret=1: SSL
> negotiation finished successfully [82.100.242.26]
> Feb 17 17:27:17 imap-login: Warning: SSL alert: where=0x4004, ret=554:
> fatal bad certificate [82.100.242.26]
>
> But the certificate is okay, cause it works with other Mailclients and
> openssl also says so. What certificate is Thunderbird complaining about?
>
> Thunderbird says something like "There's no supported authentication
> method". I don't use any Certificates for Client Authentication, neither
> in Dovecot nor in Thunderbird. When I do, it fails the same way.
>
> Weirdly my friend uses the same Dovecot Version with Let's Encrypt on
> his Server and it works with Thunderbird without any flaws. Mine fails
> the same way in his Thunderbird and also in a fresh installation.
>
> After two weeks of investigating I still have no clue why it behaves
> like this.
>
> I uploaded two Wireshark tracefiles, further logs and dovecot -n, maybe
> someone sees any possible reasons for this weird behavior or has any
> further tips on solving this issue.
> https://sebode-online.de/dovecot-letsencrypt/
>
> Every hint is highly appreciated!
>
> Best Regards
> Bastian
>