Yesterday I finished setting up my mail server and got a certificate from letsencrypt and replaced my self signed cert with it in dovecot’s and postfix configuration files and restarted them, and connected to it using openssl’s s_client and received the following verify error:
Verify return code: 21 (unable to verify the first certificate)
Then I set up it on my web server(https://mail.matalamaki.fi) and ta’dah, it works well, at least on chrome, but for some reason the same setup doesn’t work with my mail server, why is that?
my mail configurations:
ssl_cert = </etc/letsencrypt/live/mail.matalamaki.fi/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.matalamaki.fi/privkey.pem
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.matalamaki.fi/fullchain.pem smtpd_tls_key_file=/etc/letsencrypt/live/mail.matalamaki.fi/privkey.pem smtpd_use_tls=yes
With self signed cert it signs it correctly, but it doesn’t work on gmail, which is the mail reason I need to get CA signed cert for my mail server too.
With the LE cert setup I am experiencing the same error from gmail too, when trying to add the pop3 inbox:
SSL error: unable to verify the first certificate