Hi folks! I just ran into an issue which I'd like to share here:
I am using Let's Encrypt certs for my personal Dovecot IMAP service. I did not face any issue in Apple Mail on iOS 14.2, nor using Thunderbird on MacOSX Big Sur.
But I ran into an issue when I launched Thunderbird on my Windows 10 PC, which is a rare event since that box is usually only used for gaming nowadays. I did not get any error message or anything; the sync just ended and no new mail was fetched.
I then tried it with the K-9 Mail app on my old Android device. Same issue: no error, but no new mail either.
I then jumped into the journald of the mail server and found:
```
Dez 21 19:32:56 zzzzz.zen-net.de dovecot[3331742]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=yyy.yyy.yyy.yyy, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<D1nY...
```
I also tried to check the cert using OpenSSL on the server's shell:
```
~ # openssl s_client -connect mail.marc-richter.info:993 -quiet | echo
depth=0 CN = mail.marc-richter.info
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = mail.marc-richter.info
verify error:num=21:unable to verify the first certificate
verify return:1
~ #
```
Then I found your blog entry, pointing to https://crt.sh/?id=3470671161. I downloaded the certificate and imported it into Windows 10, Android and the Thunderbird certificate store manually. This fixed it for me.
I described the details in a blog entry here.
I do not know if this is of interest to you or if it was just me doing something wrong, but I thought I should let you know.
BR,
Marc
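
Added example, not part of Marc's post: a small shell filter that reads `openssl s_client` output and reports whether verify errors 20/21 coincide with a server that presented only its leaf certificate. It assumes `s_client` is run without `-quiet` (so the "Certificate chain" listing is printed) and with stderr merged into stdout; the function name, result labels, sample chain listing and issuer name are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify merged stdout+stderr of `openssl s_client`.
diagnose_chain() {
    awk '
        /^Certificate chain/      { inchain = 1; next }
        inchain && /^---/         { inchain = 0 }
        inchain && /^ *[0-9]+ s:/ { sent++ }   # one "N s:" line per certificate sent
        /verify error:num=/ {
            split($0, a, "num="); split(a[2], b, ":")
            errs[b[1]] = 1                     # error number, e.g. 20 or 21
        }
        END {
            if (sent == 0) { print "no-chain-seen"; exit }
            broken = ((20 in errs) || (21 in errs))
            if (broken && sent == 1) { print "leaf-only" }        # no intermediate sent
            else if (broken)         { print "chain-unverified" } # sent, but no trusted issuer found
            else                     { print "ok" }
        }'
}

# Constructed sample: the verify errors quoted in the post, followed by a
# one-entry chain listing with a placeholder issuer name.
sample_leaf_only() {
cat <<'EOF'
depth=0 CN = mail.marc-richter.info
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = mail.marc-richter.info
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = mail.marc-richter.info
   i:CN = Example Intermediate CA
---
EOF
}

sample_leaf_only | diagnose_chain
```

Against a live server the input would come from something like `openssl s_client -connect HOST:993 </dev/null 2>&1 | diagnose_chain`, with HOST as a placeholder.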