Questions re: Beginning Issuance from R3

Hi folks! I just ran into an issue which I'd like to share here:

I am using Let's Encrypt certs for my personal Dovecot IMAP service. I did not face any issue in Apple Mail on iOS 14.2, nor using Thunderbird on MacOSX Big Sur.
But I ran into an issue when I launched Thunderbird on my Windows 10 PC, which is a rare event, since that box is usually only used for gaming nowadays. I did not get any error message or anything; the sync just ended and no new mail was fetched.
I then tried it with the K-9 Mail app on my old Android device. Same issue: no error, but no new mail either.

I then jumped into the journald of the mail server and found:

Dez 21 19:32:56 dovecot[3331742]: imap-login: Disconnected 
(no auth attempts in 0 secs): user=<>,, lip=yyy.yyy.yyy.yyy,
TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3
alert certificate unknown: SSL alert number 46, session=<D1nY...

I also tried to check the cert using OpenSSL on the server's shell:

~ # openssl s_client -connect -quiet | echo
depth=0 CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =
verify error:num=21:unable to verify the first certificate
verify return:1
~ #

Then I found your blog entry, pointing to I downloaded the Certificate and imported it to Windows 10, Android and the Thunderbird certificate store manually. This fixed it for me.

I described the details in a blog entry here.

I do not know if this is of interest to you or if it was just me doing something wrong, but I thought I should let you know.

