[Discuss] SSL problems with imapfilter after upgrade to Debian 11
Matthew Gillen
me at mattgillen.net
Sat Aug 28 01:54:15 EDT 2021
On 8/27/2021 5:03 PM, Rich Pieri wrote:
> Server is behind firewall. It gets SSL certificates from letsencrypt.
> Dovecot is configured to use these certs. imapfilter had been working
> perfectly for a long time. Since upgrading to Debian 11 earlier this
> week I get these errors:
>
> $ imapfilter
> Enter password for xxx at xxx.xxx:
> imapfilter: initiating SSL connection to xxx.xxx; error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
> imapfilter: login request to xxx at xxx.xxx failed
>
> My hopefully short term workaround is to disable SSL entirely with
> imapfilter behind my firewall but this is not a good solution.
>
> Anyone have any ideas what Debian broke this time?
>
Openssl s_client is your friend.

I'm not familiar with imapfilter, but the question is whether it does
STARTTLS.

If no, then

    openssl s_client -connect hostname:port

will tell you a fair bit about what the server is presenting to clients.
(check the expiration on the cert; LetsEncrypt is only valid for 90
days; maybe your auto-renew is broken?)

If it does STARTTLS (start with a normal TCP connection, then transition
to TLS), then you need to specify the protocol; looks like IMAP in this
case:

    openssl s_client -connect hostname:port -starttls imap

Hope that helps,
Matt
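
The two s_client invocations above, wrapped into one check that also prints the verification result and the certificate's validity dates. This is an added example, not part of the original message. The function names are hypothetical, mail.example.org is a placeholder, and it assumes the standard IMAP ports (993 for implicit TLS, 143 for STARTTLS).

```shell
#!/bin/sh
# Added example: diagnose an IMAP server certificate with openssl s_client.
# Assumed ports: 993 = implicit TLS, 143 = STARTTLS (standard IMAP ports).

# Print the s_client arguments for host/port, one per line.
imap_sclient_args() {
    host=$1 port=$2
    printf '%s\n' -connect "$host:$port" -servername "$host"
    # Plain-text IMAP port: upgrade the session with STARTTLS first.
    [ "$port" = 143 ] && printf '%s\n' -starttls imap
    return 0
}

# Read s_client output on stdin, print the numeric verify return code.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Connect, then report the verification result and the leaf cert's dates.
check_imap_tls() {
    out=$(openssl s_client $(imap_sclient_args "$1" "$2") </dev/null 2>&1)
    code=$(printf '%s\n' "$out" | verify_code)
    printf '%s\n' "$out" | grep 'Verify return code' | head -n 1
    # x509 reads the first PEM block in the output: the server's own cert.
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -dates
    # Succeed only when the chain verified against the local trust store.
    [ "$code" = 0 ]
}

# Usage: sh check-imap.sh mail.example.org 993
if [ "$#" -eq 2 ]; then
    check_imap_tls "$1" "$2"
fi
```

A non-zero verify return code with a notAfter date still in the future points at the chain or the client's trust store rather than at renewal.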