similar to: Unexpected config results with local_name + multiple SSL certs

On 2018-02-25 (09:31 MST), David Favor <david at davidfavor.com> wrote: > > } > local_name imap.cydec.com { > ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem > ssl_key = # hidden, use -P to show it > } Doesn't this still require a default t(top level) cert besides the one specified for local_name? Also, is there any reason to use local_name if

Hi, I'm using the Dovecot Prebuilt Binary: deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main I configured multiple SSL certificates with client TLS SNI (see http://wiki2.dovecot.org/SSL/DovecotConfiguration). Since my last update I get some warnings: doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an

Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key =

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key =

Hello, does local_name in TLS SNI context support regex? for example: local_name example-(foo|bar).com { ssl_cert = </var/lib/dehydrated/certs/example.com/fullchain.pem ssl_key = </var/lib/dehydrated/certs/example.com/privkey.pem } Best regards

I've installed LE certs on my Dovecot a while back, and, it has been working OK since, but, today, an iPhone user said he can't get emails as iphone says 'cert is expired', searching around, I see some other iPhone similar issues reported, do I have my conf correct, I have; # cat dovecot.conf | grep ssl ssl = required verbose_ssl = no ssl_cert =

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name

I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months. However - Icecase says. ssl-certificate If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file.

At least doveconf -n output would help. I guess related to authentication settings. Are there any errors in logs? > On 1 Jun 2017, at 12.14, Odhiambo Washington <odhiambo at gmail.com> wrote: > >> On 30 May 2017 at 21:16, Timo Sirainen <tss at iki.fi> wrote: >> >> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz >>

Hello, I'm using dovecot 2.2.13 on Debian stable. My users are authenticated through PAM, and stored in an LDAP backend I'm trying to set-up replication with ssl, following (mainly) this : http://wiki2.dovecot.org/Replication 1) I only diverted from the instructed setup by not setting "doveadm_port = 12345", as it would give me errors of the like: > Fatal:

I have a mail server with multiple IP addresses and associated DNS names In the dovecot configuration I have a listen directive: ??? listen = mail.example.com.com,mail.otherexample.com,localhost Multiple local stanzas are of the form: local mail.example.com { ? protocol imap { ???? ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ???? ssl_key =

On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote: > On 1/21/2020 9:18 PM, hw wrote: > > [transport-tls] > > type = transport > > protocol = tls > > bind = 0.0.0.0:5061 > > tos = cs5 > > cert_file = /etc/asterisk/cert/asterisk.pem > > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > > method = sslv23 > > This is what mine

FYI? dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't send SNI.?As you are using version 2.2.27 you might encounter the same behaviour. If the client won't send SNI, my server randomly answers with any cert instead of?the default cert,? --Perhaps dovecot just utilises the last used cert? One speciality?of my certs is, that both share the same Common Name (CN) but differ

On Friday 17 August 2018 01:41:39 CEST Stephan Bosch wrote: > dovecot -n Hi, here it is (I don't know why I get the SSLv2 warning because it is disabled in ssl_protocols, any ideas about that too?). BTW, even when storing the message in a different folder with fileinto, the original message is still saved in the original mailbox. I also tried using `discard;` and makes no difference, I

Hi, I'm new to the list (and postfix / dovecot), so if I mistakenly omit something, then please forgive me. I cannot log into Thunderbird via IMAP with my configuration. However, I can check the mail of each user by logging into their user account & then using the "mail" command. Is there something that is wrong with my config to not allow me to log into Thunderbird

Hi, I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and a valid Let's Encrypt certificate. I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but when I launch the replication it fails writing on the log (/var/log/mail.err): (Server 1 - sync "client" )| Error: sync: Disconnected from

|Dear all,| |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, thereby upgrading dovecot from 2.2.x to 2.3.x. | |Since then, some older versions of apple's mail.app (bundled with el Capitano, released in 2016) no longer connect. When I turn on SSL debugging, I see:| |Debug: SSL error: SSL_accept() failed: error:14209102:SSL

>From the config : auth_ssl_require_client_cert = no GMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote: > > On 2020-05-25 02:54, hanasaki at gmail.com wrote: > > Config has >

Sorry... openssl x509 -text -noout -in /etc/letsencrypt/live/...../fullchain.pem and openssl s_client -connect host:993 Aki > On 25/05/2020 18:52 hanasaki at gmail.com <hanasaki at gmail.com> wrote: > > > s_client: Option unknown option -trace > *** > x509: Unknown parameter text > > > On 5/25/20 11:49 AM, Aki Tuomi wrote: > > Hi! > > >