Certificate Error (IMAP)

emmarvpol · May 1, 2021, 12:00pm

Hello!
Im trying to connect to IMAP via mailspring and thunderbird and Im reciving the following error.
connect mailcore::IMAPSession:0x7ffd1a0cfcc0

OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Mail Delivery Agent
ssl connect mail.mydomain.com 993 2
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
Verification failed:

X509_verify_cert_error_string:

self signed certificate
X509_get_subject_name:

ssl connect certificate ERROR 2

any idea?

Thanks

eris · May 1, 2021, 12:15pm

Enable SSL for your mail domain?

emmarvpol · May 1, 2021, 12:16pm

Yes, SSL is enabled.

Ubi · May 2, 2021, 6:15am

"self signed certificate
X509_get_subject_name:

ssl connect certificate ERROR 2"

eris · May 2, 2021, 6:59am

According you error message the certificate is self signed. Make sure you enable ssl for your mail domain.

emmarvpol · May 2, 2021, 9:09am

I Have enabled SSL for my mail domain. I don’t know why it says its self signed.
See my settings.

Raphael · May 2, 2021, 9:18am

do you use mail.domain.tld for both, incoming and outgoing mail?

emmarvpol · May 2, 2021, 9:21am

Yes. See bellow.

Ubi · May 2, 2021, 10:39am

Did you restore this mail domain from vesta or old backup? If yes, please try to re-issue the LE from hestia.

emmarvpol · May 2, 2021, 10:48am

I have test vestacp to but I didn’t backup it. I just did a fresh install of hestiacp and add this mail. How can i re-issue the LE? Now Im getting this error:
Error: Let’s Encrypt new auth status 429

Ubi · May 2, 2021, 10:54am

Then this would be useful Let's Encrypt new auth status 429 - Help - Let's Encrypt Community Support

emmarvpol · May 2, 2021, 10:58am

Thanks. I requested too many certificates. So, now I have to wait.

falzo · May 2, 2021, 4:20pm

do you (have to) use a proxy to connect to the internet which might break/terminate ssl connection in between? sometime security suites on your computer do the same especially for mail to be able to scan them before they arrive in inbox. any other spam-filter on the way in?

emmarvpol · May 2, 2021, 7:05pm

Hmm. I’m not sure about this. I don’t know how to se a proxy, so I didn’t. I’m kinda new to this.
I just installed hestiacp, I created new user and I added my domain and mail domain and I enabled SSL for both.

falzo · May 3, 2021, 8:28am

I mean your local computer, not your server
your set up looks about right, but there could be something running on your desk that acts like a man in the middle on your mail traffic.

security suite or spam filtering programs tend to do that. however to be able to inspect the mails for spam/malware and so on, it obviously needs to terminate the tls/ssl connection and unencrypt the mail. because your mail software is still set up to use and expect tls the software then has to offer tls/ssl of it’s own when finally directing the mail towards your client. but it does not have the private key to re-encrypt with the original cert. so it’s going to use it’s own one, which might lead to the message above.

maybe check what antivirus/anti malware/security suite you are using and if the error message you are seeing is a known thing with that.

emmarvpol · May 3, 2021, 10:42am

I see. I try to connect to imap/smtp from three different devices. Same error from all.
Now I can’t enable ssl because the following error: Error: Let’s Encrypt new auth status 429. So I have to wait and try again later.

emmarvpol · May 8, 2021, 11:06am

Hey again.
Let’s Encrypt new auth status 429 is bypassed now and I enabled SSL again.
I don’t know how but my problem about certificate it’s seems to be fixed now.
Thanks you guys.

system · June 7, 2021, 11:07am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.