Home / user-407675

sevynos's questions

Martin Hope
sevynos
Asked: 2020-11-27 10:58:47 +0800 CST
  • 3

Since yesterday my Thunderbird client can't connect to my mail server but two other clients I tried have no problem to retrieve email.

In my mail log file I have these lines:

Nov 26 13:24:46 LinuxWebServer dovecot: imap-login: Error: SSL: Stacked error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
Nov 26 13:24:46 LinuxWebServer dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=*.*.*.*, lip=*.*.*.*, TLS: SSL_read() failed: Unknown error, session=<MGGQqAa1aMhFRiQi>
Nov 26 13:24:51 LinuxWebServer dovecot: imap-login: Error: SSL: Stacked error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
Nov 26 13:24:51 LinuxWebServer dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=*.*.*.*, lip=*.*.*.*, TLS: SSL_read() failed: Unknown error, session=<W7viqAa1achFRiQi>

I have checked the validity of my certificate and it's still valid up to 2027.

With Sylpheed mail client I get the following dialog:

The SSL certificate of mail.somedomain.com cannot be verified by the following reason:
  unable to get local issuer certificate

Subject: /CN=LinuxWebServer
Issuer: /OU=generated by Avast Antivirus for self-signed certificates/O=Avast Web/Mail Shield/CN=Avast Web/Mail Shield Self-signed Root
Issued date: Feb  9 20:02:57 2017 GMT
Expire date: Feb  7 20:02:57 2027 GMT

SHA1 fingerprint: 70:0C:A4:FA:25:11:1F:2B:27:A8:66:99:89:11:A7:21:04:26:52:54
MD5 fingerprint: 45:0E:2B:CF:FA:AD:7C:D6:A8:18:DE:2C:36:B8:FA:20

I understands there is a clue about the issue in this warning but I just don't really understand what it technically mean

EDIT:

In 10-ssl.conf:

ssl = required
ssl_cert = </etc/ameloracerts/mailsrvs.ca.crt
ssl_key = </etc/ameloracerts/mailsrvs.key

In 99-mail-stack-delivery.conf:

99-mail-stack-delivery.conf
protocols = imap pop3 lmtp
disable_plaintext_auth = yes
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = 
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_protocols = !SSLv2 !SSLv3
ssl dovecot thunderbird
Martin Hope
sevynos
Asked: 2018-01-01 08:07:05 +0800 CST
  • -2

After my regular updates and a reboot of my server I accessed a web page on it and got the following errors:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: 
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in 
/var/www/domain.ca/public_html/page.php on line 51

Warning: file_get_contents(): Failed to enable crypto in /var/www/domain.ca/public_html/
page.php on line 51

Warning: file_get_contents(https://www.cryptopia.co.nz/api/GetMarkets/BTC): failed to open 
stream: operation failed in /var/www/domain.ca/public_html/page.php on line 51

After some more testing, my other file_get_contents() works well. The only difference I saw with cryptopia is that they use a Comodo certificate. So I guess it's related to the issue but I didn't find a solution for this.

OS is Ubuntu Server 16.04.3 and PHP is version 7.0.22.

Any help is welcome!

php