dovecot stopped authenticating ssl since July 6
by metageek from LinuxQuestions.org on (#6P6N4)
My dovecot installation uses letsencrypt ssl certificates. It has been working for years, however it stopped authenticating my thunderbird client since July 6.
I get the error:
Code:Jul 13 16:44:01 mythic dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=10.11.12.5, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<xxxxxxxxxxxx+>It seems to not accept the certificate authority.
I didn't change anything in my configuration (dovecot, certificate, thunderbird). The certificate was valid until September. Just to make sure, I forced it to be renewed and the same still happens with the new one.
I noticed that I did install the updated certificates package on July 4:
ca-certificates-20240703-noarch-1_slack15.0.txz
(I think I only tried to check email on July 6, but I am not 100% sure...)
It seems to me that something in the ca-certificates package changed that is now causing the failure to certify letsencrypt certificates (though I would think lots of people would have noticed this?...)
Any ideas what this could be or how I could investigate further (I am not too familiar with certificates, etc.)
thanks!
I get the error:
Code:Jul 13 16:44:01 mythic dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=10.11.12.5, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<xxxxxxxxxxxx+>It seems to not accept the certificate authority.
I didn't change anything in my configuration (dovecot, certificate, thunderbird). The certificate was valid until September. Just to make sure, I forced it to be renewed and the same still happens with the new one.
I noticed that I did install the updated certificates package on July 4:
ca-certificates-20240703-noarch-1_slack15.0.txz
(I think I only tried to check email on July 6, but I am not 100% sure...)
It seems to me that something in the ca-certificates package changed that is now causing the failure to certify letsencrypt certificates (though I would think lots of people would have noticed this?...)
Any ideas what this could be or how I could investigate further (I am not too familiar with certificates, etc.)
thanks!