on postfix now this seems to run, and with dovecot i need also handle this two
domains,
but appairing this error messages. like:
Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0
secs): user=<>,
rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed:
error:14094416:SSL routines:
ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46,
session=<FdklDjkdfrkfi>
Running with Debian Buster
# dovecot --version
2.3.4.1 (f79e8e7e4)
# nmail.caloro.ch
local_name nmail.caloro.ch {
ssl_cert = </etc/letsencrypt/live/nmail.caloro.ch/privkey.pem
ssl_key = </etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem
}
# nmail.calm-ness.ch
local_name nmail.calm-ness.ch {
ssl_cert = </etc/letsencrypt/live/nmail.calm-ness.ch/privkey.pem
ssl_key = </etc/letsencrypt/live/nmail.calm-ness.ch/fullchain.pem
}
thanks for possible help
Am Mittwoch, Juni 29, 2022 21:24 CEST, schrieb Maurizio Caloro <mauric at gmx.ch>:> on postfix now this seems to run, and with dovecot i need also handle this two domains, > but appairing this error messages. like: > > Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, > rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines: > ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<FdklDjkdfrkfi> > > Running with Debian Buster > > # dovecot --version > 2.3.4.1 (f79e8e7e4) > > # nmail.caloro.ch > local_name nmail.caloro.ch { > ssl_cert = </etc/letsencrypt/live/nmail.caloro.ch/privkey.pem > ssl_key = </etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem > } > # nmail.calm-ness.ch > local_name nmail.calm-ness.ch { > ssl_cert = </etc/letsencrypt/live/nmail.calm-ness.ch/privkey.pem > ssl_key = </etc/letsencrypt/live/nmail.calm-ness.ch/fullchain.pem > } > > thanks for possible help > > >Hi, the config says "You will still need a top-level default ssl_key and ssl_cert as well, or you will receive errors." I don't know if this is also a must have for SNI, as it is noted for multipe certifcates per IP. https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#dovecot-ssl-configuration -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5655 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20220629/3be16cc1/attachment.bin>
>>>>> "Maurizio" == Maurizio Caloro <mauric at gmx.ch> writes:Maurizio> on postfix now this seems to run, and with dovecot i need Maurizio> also handle this two domains, but appairing this error Maurizio> messages. like: Why aren't you just using a single domain as the MX record for all the domains? Then you only need one SSL cert pair for all of this, and if you publish the right SPF records, each domain can send from the same MX host as well. Maurizio> Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, Maurizio> rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines: Maurizio> ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<FdklDjkdfrkfi> Maurizio> Running with Debian Buster Maurizio> # dovecot --version Maurizio> 2.3.4.1 (f79e8e7e4) Maurizio> # nmail.caloro.ch Maurizio> local_name nmail.caloro.ch { Maurizio> ssl_cert = </etc/letsencrypt/live/nmail.caloro.ch/privkey.pem Maurizio> ssl_key = </etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem Maurizio> } Maurizio> # nmail.calm-ness.ch Maurizio> local_name nmail.calm-ness.ch { Maurizio> ssl_cert = </etc/letsencrypt/live/nmail.calm-ness.ch/privkey.pem Maurizio> ssl_key = </etc/letsencrypt/live/nmail.calm-ness.ch/fullchain.pem Maurizio> } Maurizio> thanks for possible help