search for: fullchain

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24 > > Also, can you provide output of > > openssl s_client -connect...

..._limit = 256 M } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_cert = </etc/letsencrypt/live/aprogsys.com/fullchain.pem ssl_key = # hidden, use -P to show it userdb { driver = passwd } protocol lda { mail_plugins = " acl fts fts_lucene notify replication virtual sieve" } protocol imap { imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_max_userip_connections = 40...

...resses and associated DNS names In the dovecot configuration I have a listen directive: ??? listen = mail.example.com.com,mail.otherexample.com,localhost Multiple local stanzas are of the form: local mail.example.com { ? protocol imap { ???? ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ???? ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem ???? service imaps_login { ?????? inet_listener imaps { ???????? address=mail.example.com ?????? } ?????? inet_listener imap { ???????? address=mail.example.com ?????? } ???? } ? } } mail.example.com has IPv4 and IPv6 addre...

At least doveconf -n output would help. I guess related to authentication settings. Are there any errors in logs? > On 1 Jun 2017, at 12.14, Odhiambo Washington <odhiambo at gmail.com> wrote: > >> On 30 May 2017 at 21:16, Timo Sirainen <tss at iki.fi> wrote: >> >> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz >>

...the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key = </etc/letsencrypt/live/...../privkey.pem On 5/25/20 11:11 AM, Aki Tuomi wrote: > The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. > > If you are using LE cert you should configure > > s...

...Be great if someone can point out what I've missed, to setup multiple SSL certs for different host.domain entries in config. Thanks. _______ This works as expected... where the SNI server name is returned... #local_name imap.cydec.com { ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem ssl_key = </etc/letsencrypt/live/imap.cydec.com/privkey.pem #} service dovecot restart && echo QUIT | openssl s_client -connect imap.cydec.com:993 -servername imap.cydec.com 2>&1 | egrep ^subject subject=/CN=imap.cydec.com _______ This fails... local_name imap.cydec.com...

...= > ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 > -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- > AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem > priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem Thanks, it still says SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 Why does it even say ssl3 despite tlsv1_...

...ommit/87404eae4581d7ef834f490507503e59a500066e My configuration is (shorted): # dovecot -n # 2.2.devel (87404ea): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (215349a) # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.10 [...] ssl_cert = </etc/letsencrypt/live/v083.violet.fastwebserver.de/fullchain.pem [...] ssl_key = </etc/letsencrypt/live/v083.violet.fastwebserver.de/privkey.pem [...] local_name imap.langzeittest.de { ssl_cert = </etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem ssl_key = </etc/letsencrypt/live/fahrerlager.langzeittest.de/privkey.pem } local_name...

...iPhone user said he can't get emails as iphone says 'cert is expired', searching around, I see some other iPhone similar issues reported, do I have my conf correct, I have; # cat dovecot.conf | grep ssl ssl = required verbose_ssl = no ssl_cert = </etc/letsencrypt/live/fqn.myserver/fullchain.pem ssl_key = </etc/letsencrypt/live/fqn.myserver/privkey.pem is fullchain.pem and privkey.pem is what I should be using ? anythought how to force an iphone to reload cert ? actual cert was renewed 15/7, old/previous one expired earlier today ls /etc/letsencrypt/live/fqn.myserver/ cert.pem...

...ate. We have followed the instructions at? https://wiki.dovecot.org/S SL/DovecotConfiguration 1. We have created /etc/dovecot/dh.pem (yes it took five hours)? 2. We have edited 10-ssl.conf as directed by the Wiki: ssl = yes ssl_cert = /etc/certbot/live/privustech.com/fullchain.pem ssl_key = /etc/certbot/live/privustech.com/privkey.pem ssl_dh = /etc/dovecot/dh.pem #(yes, it took five hours to create...) ssl_min_protocol = TLSv1 ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC...

...ix/private/auth 0 srw-rw-rw- 1 root wheel 0 May 27 13:57 /var/spool/postfix/private/auth postfix/main.cf: smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_starttls_timeout = 20s smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may 16 -rw------- 1 root 443 4152 May 20 21:08 fullchain-1558408117.pem 0 lrwx------ 1 root 443 24 May 20 21:08 fullchain.pem -&...

Sorry... openssl x509 -text -noout -in /etc/letsencrypt/live/...../fullchain.pem and openssl s_client -connect host:993 Aki > On 25/05/2020 18:52 hanasaki at gmail.com <hanasaki at gmail.com> wrote: > > > s_client: Option unknown option -trace > *** > x509: Unknown parameter text > > > On 5/25/20 11:49 AM, Aki Tuomi wrote: > >...

...t assumption: Thanks for the input. I've checked out your suggestions (details below) but unfortunately no joy. I also restored my backup 10-ssl.conf. It indeed has the "<" sign with a space before the explicit paths to the files: ? ? ssl_cert = </etc/certbot/live/privustech.com/fullchain.pem ? ? ssl_key = </etc/certbot/live/privustech.com/privkey.pem ?It returns several complaints after restarting dovecot which I addressed: ? ??https://wiki2.dovecot.org/Upgrading/2.3 ? ??https://github.com/dovecot/core/blob/master/doc/example-config/conf .d/10-ssl.conf ? Changed ssl_protocols?to...

Hi Team, I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine. Issue comes only with LDAP users. *Anushka Bandara* Research Engineer Lanka Software

...s:my.domain.com:1465" (following a mail from here : http://www.dovecot.org/list/dovecot/2016-September/105356.html) So far, this seems to be working for me. 2) However, I'm having ssl problems. I have a let's encrypt certificate, and have concatened the CA cert and my server cert in a fullchain.pem. Excerpt from my ssl config : > ssl = yes > ssl_cert = </etc/letsencrypt/live/my.domain.com/fullchain.pem > ssl_key = </etc/letsencrypt/live/my.domain.comi/privkey.pem doveadm return me these errors (sudo -u dovecot doveadm -v sync -u user tcps:my.domain.com:12345) : > dovead...

I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months. However - Icecase says. ssl-certificate If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file.

...s >as >iphone says 'cert is expired', searching around, I see some other >iPhone >similar issues reported, do I have my conf correct, I have; > ># cat dovecot.conf | grep ssl >ssl = required >verbose_ssl = no > >ssl_cert = </etc/letsencrypt/live/fqn.myserver/fullchain.pem >ssl_key = </etc/letsencrypt/live/fqn.myserver/privkey.pem > >is fullchain.pem and privkey.pem is what I should be using ? > >anythought how to force an iphone to reload cert ? > >actual cert was renewed 15/7, old/previous one expired earlier today > >ls /etc/letse...

Hi! Can you do openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem and check these things: your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24 Also, can you provide output of openssl s_client -connect host:993 -trace Aki > On 25/05/2020...

...| |Unfortunately, it doesn't reveal the name of the unsupported protocol. Also, what about the failed syscall? Does dovecot try and fail to open some file?| |Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:| |??? ssl = yes ??? ssl_cert = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/fullchain.pem ??? ssl_key = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/key.pem ??? ssl_ca = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/ca.pem ??? ssl_client_ca_dir = /etc/ssl/certs ??? ssl_dh = </etc/dovecot/dh.pem | |I would greatly appreciate any hints! | |Cheers,| |Johannes | | | || ----...

Can someone please, *please* explain to me how I can install the latest Icecast server with SSL enabled? I've tried several methods I found when searching but nothing works. OS: Raspberry PI OS LITE (32-bit) Thanks in advance! Regards.. Daniel -- *Bananradion* - svängig musik non-stop -------------- next part -------------- An HTML attachment was scrubbed... URL: