Certificate Error (IMAP)

Hello!
Im trying to connect to IMAP via mailspring and thunderbird and Im reciving the following error.
connect mailcore::IMAPSession:0x7ffd1a0cfcc0

  • OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Mail Delivery Agent
    ssl connect mail.mydomain.com 993 2
    OpenSSL version: OpenSSL 1.1.0f 25 May 2017
    Verification failed:

X509_verify_cert_error_string:

self signed certificate
X509_get_subject_name:

ssl connect certificate ERROR 2

any idea?

Thanks

Enable SSL for your mail domain?

Yes, SSL is enabled.

"self signed certificate
X509_get_subject_name:

ssl connect certificate ERROR 2"

1 Like

According you error message the certificate is self signed. Make sure you enable ssl for your mail domain.

1 Like

I Have enabled SSL for my mail domain. I don’t know why it says its self signed.
See my settings.


do you use mail.domain.tld for both, incoming and outgoing mail?

Yes. See bellow.

Did you restore this mail domain from vesta or old backup? If yes, please try to re-issue the LE from hestia.

I have test vestacp to but I didn’t backup it. I just did a fresh install of hestiacp and add this mail. How can i re-issue the LE? Now Im getting this error:
Error: Let’s Encrypt new auth status 429

Then this would be useful Let's Encrypt new auth status 429 - Help - Let's Encrypt Community Support

Thanks. I requested too many certificates. So, now I have to wait.

do you (have to) use a proxy to connect to the internet which might break/terminate ssl connection in between? sometime security suites on your computer do the same especially for mail to be able to scan them before they arrive in inbox. any other spam-filter on the way in?

1 Like

Hmm. I’m not sure about this. I don’t know how to se a proxy, so I didn’t. I’m kinda new to this.
I just installed hestiacp, I created new user and I added my domain and mail domain and I enabled SSL for both.

I mean your local computer, not your server :wink:
your set up looks about right, but there could be something running on your desk that acts like a man in the middle on your mail traffic.

security suite or spam filtering programs tend to do that. however to be able to inspect the mails for spam/malware and so on, it obviously needs to terminate the tls/ssl connection and unencrypt the mail. because your mail software is still set up to use and expect tls the software then has to offer tls/ssl of it’s own when finally directing the mail towards your client. but it does not have the private key to re-encrypt with the original cert. so it’s going to use it’s own one, which might lead to the message above.

maybe check what antivirus/anti malware/security suite you are using and if the error message you are seeing is a known thing with that.

I see. I try to connect to imap/smtp from three different devices. Same error from all.
Now I can’t enable ssl because the following error: Error: Let’s Encrypt new auth status 429. So I have to wait and try again later.

Hey again.
Let’s Encrypt new auth status 429 is bypassed now and I enabled SSL again.
I don’t know how but my problem about certificate it’s seems to be fixed now.
Thanks you guys.