R3 expired iOS IMAPS using Dovecot

Hello! I'm having this same issue. Mail client on my iPhone with iOS 15 complains about the old R3 cert being expired. I can reach my email by any other method/client.

How do I change Apache to "send the full chain"?

If I remove the account, and put it back, I can trust the expired certificate one time. But after a cert renewal, I get the error again, and can no longer trust/override. I have to remove the account again, and re-add it.

The domain is only using the new "ISRG Root X1" path, yet somehow my phone still sees and rejects the old certificate in the old path.

As much as I hate to give this advice... I think, in this case, it must be tried.
Try trusting the Intermediate cert (the one between your leaf and "ISRG Root X1").

With any luck, that entry (and its cache hit) will supersede the remaining (cached) trust/untrusted path.

2 Likes

:confused:
Are you talking about a mail service port or an HTTPS (web)mail service?
[ I don't know how Apache can do any email services ]

2 Likes

You’re right. Everything web based has worked okay. My problem is IMAPS using Dovecot. So maybe that is using the wrong chain of certs?

1 Like

That is likely.
Ensure it uses fullchain.pem (not cert.pem).

2 Likes

Dovecot config was pointed to cert.pem, so I switched it to fullchain.pem. Thanks!

3 Likes
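A way to check for the cert.pem versus fullchain.pem mix-up resolved above, as an added example that is not part of any post in this thread. It assumes the `ssl_cert = </path/file.pem` form of the Dovecot setting; the function names, sample file names and placeholder PEM blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the Dovecot setting form:
#   ssl_cert = </path/to/file.pem

# Print the path from the first active (uncommented) ssl_cert line in a config.
dovecot_cert_path() {
    sed -n 's/^[[:space:]]*ssl_cert[[:space:]]*=[[:space:]]*<[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Count PEM certificate blocks in a file (grep -c prints 0 on no match).
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Classify the certificate file a Dovecot config points at.
# Prints one of: chain, leaf-only, no-cert-setting, unreadable.
check_dovecot_chain() {
    path=$(dovecot_cert_path "$1")
    [ -n "$path" ] || { echo "no-cert-setting"; return 0; }
    [ -r "$path" ] || { echo "unreadable"; return 0; }
    n=$(count_pem_certs "$path")
    # A leaf-only file holds one certificate; a full chain holds the leaf
    # plus at least one intermediate.
    if [ "$n" -ge 2 ]; then echo "chain"; else echo "leaf-only"; fi
}

# Constructed sample: placeholder PEM blocks (markers only, not real
# certificates) and a "before" and "after" config written into directory $1.
make_sample() {
    blk='-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n'
    printf '%b' "$blk" > "$1/cert.pem"
    printf '%b' "$blk$blk" > "$1/fullchain.pem"
    printf 'ssl = required\nssl_cert = <%s/cert.pem\n' "$1" > "$1/before.conf"
    printf '#ssl_cert = <%s/cert.pem\nssl_cert = <%s/fullchain.pem\n' "$1" "$1" > "$1/after.conf"
}

# Usage: sh check.sh /path/to/dovecot-ssl.conf
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    echo "$1: $(check_dovecot_chain "$1")"
fi
```

Against a running server, `openssl s_client -connect mail.example.com:993 -showcerts` (hostname is a placeholder) shows the certificates the IMAPS listener actually sends, which confirms the change after Dovecot has been reloaded.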
