ot: LE server conf setup/ iPhone 'expired cert' message

dclist at list.jmatt.net dclist at list.jmatt.net
Sun Jul 22 16:22:56 EEST 2018



> On Jul 22, 2018, at 9:04 AM, Voytek Eymont <voytek at sbt.net.au> wrote:
> 
> I've installed LE certs on my Dovecot a while back, and, it has been
> working OK since, but, today, an iPhone user said he can't get emails as
> iPhone says 'cert is expired',
> (if I open mailserver host in browser, padlock shows current/valid cert)
> 


Usually, a browser connects to a web server on port 443, while an email client connects to an IMAP or POP server on a different port, served by different software.  Just because your browser receives a current/valid cert, that doesn’t mean your dovecot server is sending the same certificate.

Assuming the sbt.net.au in your email address is the address of your dovecot server, I tried

openssl s_client -connect sbt.net.au:143 -starttls imap

And received a cert which includes:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5b:41:a6:f4:a6:33:eb:5b:ac:af:b8:20:96:f4:0e:20:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Apr 23 11:11:28 2018 GMT
            Not After : Jul 22 11:11:28 2018 GMT
        Subject: CN=geko.sbt.net.au


Dovecot is sending an expired cert.  Pascai is correct; you need to restart it.
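
Added example, not part of the original message and not Dovecot project code: a Python check that parses the `openssl x509 -text` output for each service on a host and reports which listeners still serve an expired certificate and whether their serials differ. The IMAP values are the ones quoted above; the HTTPS values, the service labels and all function names are constructed for illustration.

```python
import re
import subprocess
from datetime import datetime, timezone

# Serial and validity lines copied from the certificate quoted in the message.
IMAP_CERT_TEXT = """\
        Serial Number:
            03:5b:41:a6:f4:a6:33:eb:5b:ac:af:b8:20:96:f4:0e:20:b9
        Validity
            Not Before: Apr 23 11:11:28 2018 GMT
            Not After : Jul 22 11:11:28 2018 GMT
"""
# Constructed sample: a renewed certificate as the HTTPS port might serve it.
HTTPS_CERT_TEXT = """\
        Serial Number:
            03:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
        Validity
            Not Before: Jun 22 10:00:00 2018 GMT
            Not After : Sep 20 10:00:00 2018 GMT
"""
# Timestamp of the reply above (16:22:56 EEST) expressed in UTC.
REPLY_TIME = datetime(2018, 7, 22, 13, 22, 56, tzinfo=timezone.utc)

def parse_cert(text):
    """Extract serial and validity window from `openssl x509 -text` output."""
    def when(label):
        m = re.search(label + r"\s*:\s*(.+? GMT)", text)
        return datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    serial = re.search(r"Serial Number:\s*([0-9a-f:]+)", text).group(1)
    return {"serial": serial, "not_before": when("Not Before"), "not_after": when("Not After")}

def audit(certs_by_service, now):
    """Return (services serving an expired cert, True if serials differ)."""
    parsed = {svc: parse_cert(t) for svc, t in certs_by_service.items()}
    expired = sorted(s for s, c in parsed.items() if now > c["not_after"])
    mismatch = len({c["serial"] for c in parsed.values()}) > 1
    return expired, mismatch

def fetch_cert_text(host, port, starttls=None):
    """Live fetch using the same openssl s_client call as above (needs network)."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host]
    if starttls:
        cmd += ["-starttls", starttls]
    pem = subprocess.run(cmd, input=b"", capture_output=True, timeout=20).stdout
    return subprocess.run(["openssl", "x509", "-noout", "-text"], input=pem,
                          capture_output=True, check=True).stdout.decode()
```

A serial mismatch between listeners on the same host, with one of them expired, is the signature of a renewed file on disk that a long-running daemon has not yet loaded.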