Imap server certificates shows as expired on connect

mhle · July 21, 2020, 11:00am

My domain is:
imap.eccentric.dk

I ran this command:

It produced this output:

My web server is (include version):
httpd-2.4.43-1.fc31.x86_64

The operating system my web server runs on is (include version):
Fedora server 31

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.5.0

when I connect to my (IMAP) mail server running dovecot-2.3.10.1-1.fc31.x86_64 I get an error stating that the cert for the server has expired, even though I’ve confirmed with certbot renew that all certs are up to date. Any help would be greatly appreciated

_az · July 21, 2020, 11:11am

Was Certbot configured to reload/restart Dovecot after the certificate renewal? Have you tried reloading/restarting Dovecot manually?

The cert doesn’t look expired to me, are you sure it’s complaining about the IMAPS certificate?

$ openssl s_client -connect  imap.eccentric.dk:993  -showcerts  | openssl x509 -noout -dates
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = imap.eccentric.dk
verify return:1
notBefore=Jun 21 09:52:38 2020 GMT
notAfter=Sep 19 09:52:38 2020 GMT

JuergenAuer · July 21, 2020, 11:23am

Hi @mhle

your certificate imap.eccentric.dk:993 is valid.

But connecting eccentric.dk:993 there is the same certificate - see https://check-your-website.server-daten.de/?q=eccentric.dk#connections - so this certificate is invalid, the name doesn't match. But there is no expired certificate visible.

system · August 20, 2020, 11:23am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.