Hi, Dovecot 2.2.32-34 FreeBSD 10.4 Solr 7.2.1(Centos 6) When I try to use https to connect to solr, I get error when a self-signed certificate: Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: self signed certificate: /C=Country/ST=State/L=L ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 attempts in 0.043 secs) Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: self signed certificate: /C=Country/ST=State/L=L ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 attempts in 0.430 secs) Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): Error: Mailbox INBOX: Transaction commit failed: FTS transaction commi t failed: backend deinit (attempted to index 1 messages (UIDs 799975..799975)) or error when letsencrypt: Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: unable to get local issuer certificate: /C=US/ O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 (2 attempts in 0.085 secs) Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: unable to get local issuer certificate: /C=US/ O=Let\\\'s Encrypt/CN=Let\\\'s Encrypt Authority X3 (2 attempts in 0.112 secs) Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): Error: Mailbox INBOX: Transaction commit failed: FTS transaction com mit failed: backend deinit (attempted to index 1 messages (UIDs 104770..104770)) 90-plugins.conf: fts_autoindex=yes fts = solr fts_solr = url=login:pass at solr.domain.com:8983/solr/dovecot break-imap-search debug curl and other software connect to solr without errors in both cases. Does dovecot have option to disable certificate validation (may be ssl_verify = false etc.) ? Thanks.
Hello, Excuse me, Is dovecot really unable to work with solr through https ? I tried to change ssl_client_ca_dir and ssl_client_ca_file, but nothing. Alex 2018-03-05 21:56:> Hi, > > Dovecot 2.2.32-34 > FreeBSD 10.4 > > Solr 7.2.1(Centos 6) > > > When I try to use https to connect to solr, I get error when a > self-signed certificate: > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: self signed certificate: /C=Country/ > ST=State/L=Location/O=Organization/OU=Organizational > Unit/CN=solr.domain.com > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: self signed certificate: /C=Country/ > ST=State/L=Location/O=Organization/OU=Organizational > Unit/CN=solr.domain.com > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: > 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > certificate: self signed certificate: /C=Country/ST=State/L=L > ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 > attempts in 0.043 secs) > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: self signed certificate: /C=Country/ > ST=State/L=Location/O=Organization/OU=Organizational > Unit/CN=solr.domain.com > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: self signed certificate: /C=Country/ > ST=State/L=Location/O=Organization/OU=Organizational > Unit/CN=solr.domain.com > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: > 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > certificate: self signed certificate: /C=Country/ST=State/L=L > ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 > attempts in 0.430 secs) > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > Error: Mailbox INBOX: Transaction commit failed: FTS transaction commi > t failed: backend deinit (attempted to index 1 messages (UIDs > 799975..799975)) > > > or error when letsencrypt: > > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: unable to get local issuer certifi > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: unable to get local issuer certifi > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 > 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > certificate: unable to get local issuer certificate: /C=US/ > O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts > in 0.085 secs) > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: unable to get local issuer certifi > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Received invalid SSL certificate: unable to get local issuer certifi > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 > 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > certificate: unable to get local issuer certificate: /C=US/ > O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts > in 0.112 secs) > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > Error: Mailbox INBOX: Transaction commit failed: FTS transaction com > mit failed: backend deinit (attempted to index 1 messages (UIDs > 104770..104770)) > > > 90-plugins.conf: > fts_autoindex=yes > fts = solr > fts_solr = url=login:pass at solr.domain.com:8983/solr/dovecot > break-imap-search debug > > > curl and other software connect to solr without errors in both cases. > > Does dovecot have option to disable certificate validation (may be > ssl_verify = false etc.) ? > > > Thanks.
It's possible, yes. You can use stunnel or haproxy as workaround, maybe? Aki> On 19 March 2018 at 20:39 Alex <alex at jili.ga> wrote: > > > Hello, > > Excuse me, > Is dovecot really unable to work with solr through https ? > > I tried to change ssl_client_ca_dir and ssl_client_ca_file, but nothing. > > > > > Alex 2018-03-05 21:56: > > Hi, > > > > Dovecot 2.2.32-34 > > FreeBSD 10.4 > > > > Solr 7.2.1(Centos 6) > > > > > > When I try to use https to connect to solr, I get error when a > > self-signed certificate: > > > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: self signed certificate: /C=Country/ > > ST=State/L=Location/O=Organization/OU=Organizational > > Unit/CN=solr.domain.com > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: self signed certificate: /C=Country/ > > ST=State/L=Location/O=Organization/OU=Organizational > > Unit/CN=solr.domain.com > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: > > 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > > certificate: self signed certificate: /C=Country/ST=State/L=L > > ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 > > attempts in 0.043 secs) > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: self signed certificate: /C=Country/ > > ST=State/L=Location/O=Organization/OU=Organizational > > Unit/CN=solr.domain.com > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: self signed certificate: /C=Country/ > > ST=State/L=Location/O=Organization/OU=Organizational > > Unit/CN=solr.domain.com > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: > > 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > > certificate: self signed certificate: /C=Country/ST=State/L=L > > ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 > > attempts in 0.430 secs) > > Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com): > > Error: Mailbox INBOX: Transaction commit failed: FTS transaction commi > > t failed: backend deinit (attempted to index 1 messages (UIDs > > 799975..799975)) > > > > > > or error when letsencrypt: > > > > > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: unable to get local issuer certifi > > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: unable to get local issuer certifi > > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 > > 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > > certificate: unable to get local issuer certificate: /C=US/ > > O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts > > in 0.085 secs) > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: unable to get local issuer certifi > > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Received invalid SSL certificate: unable to get local issuer certifi > > cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 > > 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL > > certificate: unable to get local issuer certificate: /C=US/ > > O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts > > in 0.112 secs) > > Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com): > > Error: Mailbox INBOX: Transaction commit failed: FTS transaction com > > mit failed: backend deinit (attempted to index 1 messages (UIDs > > 104770..104770)) > > > > > > 90-plugins.conf: > > fts_autoindex=yes > > fts = solr > > fts_solr = url=login:pass at solr.domain.com:8983/solr/dovecot > > break-imap-search debug > > > > > > curl and other software connect to solr without errors in both cases. > > > > Does dovecot have option to disable certificate validation (may be > > ssl_verify = false etc.) ? > > > > > > Thanks.