Thunderbird doesn't like Letsencrypt certificates


#1

I just set up Let’s encrypt on my server running Apache for serving web pages and Dovecot for email. I’m using the same certificate for both services. Everything seems to work fine, but when a user using Thunderbird tries to connect to my email service using IMAP, it complains about untrusted certificate. This is a minor inconvenience (the users just have to accept the untrusted certificate), but I’m curious as to why Thunderbird doesn’t recognize Let’s encrypt as a valid certificate?


#2

You probably do not send the intermediate certificate. What’s your mail server’s SSL config?


#3

I have in my dovecot.conf file:
ssl_cert_file = /path/to/my/cert.pem
ssl_key_file = /path/to/my/privkey.pem

I don’t see other lines in the configuration file that could be relevant to this.


#4

Try switching ssl_cert_file to /path/to/my/fullchain.pem.


#5

This worked. Now Thunderbird accepts my certificate. Thanks a lot!


#7

According to Dovecot documentation
Please be aware that the dovecot config for this has to be:
ssl_cert_file = </path/to/my/cert.pem

As the “<” stands for read the content of a file

To read the content of a file, for instance for the SSL certificate option, prefix the filename with a <

costed me 1/2h to figure out - dovecot’s log gives the following error:

Fatal: Couldn’t parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY

Greetings
Wolfgang