TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42,

Osiris · January 12, 2025, 10:25am

That's what I see from the public internet, yes.

Well, yes. Setting up mail software (or networking for that matter, e.g. NAT portmaps) in general is NOT the scope of this Community, as I said before. We can't dive into the TLS part of setting up Postfix, without Postfix being properly set up. I assume you want your Postfix to be reachable from the public internet. And the volunteers of this Community need to be able to test your Postfix from the public internet to debug the TLS part of it.

But BEFORE we can get to that TLS part, YOU need to make sure Postfix is working correctly. And you can call that "leaving [you] to go find out why", but that's indeed the gist of it. Because "finding out why" is NOT the scope of this Let's Encrypt Community. This is NOT the "Postfix Community" or "Postfix support channel".

fugee · January 12, 2025, 10:27am

Please leave the topic open while I try to get help from the postfix.org mailing list and I'll return with an update

fugee · January 12, 2025, 11:08am

#ufw app list|grep postfix
Postfix
Postfix SMTPS
Postfix Submission

fugee · January 12, 2025, 11:09am

ufw status

Status: active

To Action From

22 ALLOW Anywhere
53 ALLOW Anywhere
25/tcp ALLOW Anywhere
587 ALLOW Anywhere
993 ALLOW Anywhere
995 ALLOW Anywhere
4190/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
Postfix ALLOW Anywhere
20,21,990/tcp ALLOW Anywhere
40000:50000/tcp ALLOW Anywhere
465/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
587/tcp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
25/tcp (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
993 (v6) ALLOW Anywhere (v6)
995 (v6) ALLOW Anywhere (v6)
4190/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Postfix (v6) ALLOW Anywhere (v6)
20,21,990/tcp (v6) ALLOW Anywhere (v6)
40000:50000/tcp (v6) ALLOW Anywhere (v6)
465/tcp (v6) ALLOW Anywhere (v6)
993/tcp (v6) ALLOW Anywhere (v6)
587/tcp (v6) ALLOW Anywhere (v6)

Bruce5051 · January 12, 2025, 6:10pm

Is there a router and / or an additional firewall (possible the ISP) preventing access to those ports.

system · February 11, 2025, 6:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ssl handshake failures Help	3	539	June 5, 2020
SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking Help	34	12540	September 8, 2023
Ssl handshake issue Help	12	11241	August 18, 2022
SSL_do_handshake() failed (SSL: error:0A00006C Help	25	4355	July 14, 2024
Ssl: certificate_verify_failed Help	3	233	May 4, 2024

TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42,

ufw status

Related topics