It fails here.
This is the configuration:
ssl_key = </domain/example.com/ssl/mx.key
ssl_cert = </domain/example.com/ssl/mx-bundle.pem
ssl_ca = </domain/example.com/ssl/mx_ca-bundle.pem
local_name imaps.other.tld {
#ssl_key = </domain/other.tld/ssl/mx.key
ssl_key = </etc/ssl/acme/private/other.tld/privkey.pem
#ssl_cert = </domain/other.tld/ssl/mx.pem
ssl_cert = </etc/ssl/acme/other.tld/fullchain.pem
ssl_ca = </domain/other.tld/ssl/mx_ca-bundle.pem
}
This is the error message that appears in the log as soon as Thunderbird is started.
2017-03-20T10:17:01.37880 2017-03-20T11:17:01 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=192.168.1.5, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
The certificate is good, however. It is the same we use for https://other.tld, without the prefix "www".
imaps.other.tld is listed as alternative name.
This is the command used to create the certificate:
acme-client -vNnmOe $fqdn www.$fqdn mx.$fqdn smtps.$fqdn imaps.$fqdn;
We need a solution to this problem.