My domain is: antiochtechnologies.com
My web server is (include version): apache 2.4.18
The operating system my web server runs on is (include version): ubuntu 16.04
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): webmin 1.942
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.27.0
select mobile clients are not receiving mail. desktop clients working fine. mail.err log shows the following whenever select mobile clients attempt connection.
dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
You’re not sending an intermediate certificate. Your Dovecot configuration should include the intermediate certificate.
added the following to /etc/dovecot/conf.d/10-ssl.conf, even though the comments in the file say to only do so when performing client certificate checking. seems to have resolved the issue.
ssl_ca = </etc/webmin/letsencrypt-ca.pem
Doesn’t webmin provide some combined file like
not that i can see in /etc/webmin. just the ca, cert and key files.
Did webmin create those files? Or did certbot? B/c you’re also citing version 0.27 of certbot?
webmin just implemented certbot, requiring me to install it. but i never use it directly. webmin continues to handle the requesting and renewals…just now using certbot as i understand it.
Ah, I see. Unfortunate. The webmin code indeed doesn’t include the fullchain.pem provided by
Two options if you don’t want to use ssl_ca (I wouldn’t recommend it, just like the Dovecot devs don’t recommend it):
- Patch the webmin source code to include
- Place a command like cat /etc/webmin/letsencrypt-cert.pem /etc/webmin/letsencrypt-ca.pem > /etc/webmin/letsencrypt-fullchain.pem in the certbot renewal configuration file of the certificate name used by webmin.
is the location of this file a webmin question?
I don't know if webmin manipulates certbot in a way the location of that file is different than the default location. Normally, one would find the renewal configuration files of certbot in /etc/letsencrypt/renewal with subdirectories there for each certificate "lineage". Also, I'm not familiar with webmin to say how webmin names the certificate lineages.
that folder only contains conf files for the webmin domain and each virtualmin domain. however, in antiochtechnologies.com.conf, /etc/letsencrypt/live/antiochtechnologies.com/fullchain.pem is referenced. now /etc/letsencrypt/live/antiochtechnologies.com/fullchain.pem turns out to be a symlink to /etc/letsencrypt/archive/antiochtechnologies.com/fullchain3.pem. could i just tell dovecot to use /etc/letsencrypt/live/antiochtechnologies.com/fullchain.pem?
If you're sure that's the correct certificate (compare /etc/webmin/letsencrypt-cert.pem and /etc/letsencrypt/live/antiochtechnologies.com/cert.pem): yes
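Added example, not part of the original thread: one way to run the comparison suggested above before pointing Dovecot at fullchain.pem. It checks that the first certificate in the fullchain file is byte-identical to the certificate webmin holds and that at least one intermediate follows it. The function names are hypothetical, the sample PEM blocks are constructed placeholder payloads rather than real certificates, and the check compares bytes only; it does not validate signatures or expiry.

```python
import base64
import hashlib
import re
import sys

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_certs(text):
    """Return the DER bytes of every certificate in a PEM file, in file order."""
    return [base64.b64decode("".join(body.split())) for body in PEM_CERT.findall(text)]


def check_fullchain(webmin_cert_pem, fullchain_pem):
    """Return (ok, reason): is fullchain_pem the same leaf as webmin's cert,
    followed by at least one intermediate certificate?"""
    leaf = pem_certs(webmin_cert_pem)
    chain = pem_certs(fullchain_pem)
    if len(leaf) != 1:
        return False, "expected exactly one certificate in the webmin cert file"
    if not chain:
        return False, "no certificate found in the fullchain file"
    if chain[0] != leaf[0]:
        a, b = (hashlib.sha256(d).hexdigest()[:16] for d in (leaf[0], chain[0]))
        return False, "fullchain leaf differs from webmin cert (%s vs %s)" % (a, b)
    if len(chain) < 2:
        return False, "no intermediate certificate after the leaf"
    return True, "leaf matches and %d intermediate(s) follow" % (len(chain) - 1)


def _pem(der):
    """Wrap raw bytes in PEM armor (used only to build the sample data below)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed placeholder payloads, not real X.509 certificates.
LEAF = _pem(b"constructed-leaf-der")
OTHER = _pem(b"constructed-other-leaf-der")
INTERMEDIATE = _pem(b"constructed-intermediate-der")

if __name__ == "__main__":
    # With two paths: webmin cert file, then fullchain file. Without: run the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            print(check_fullchain(a.read(), b.read()))
    else:
        print(check_fullchain(LEAF, LEAF + INTERMEDIATE))
```
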