TLS Error connection Error while reading file

Hi.
Greeting.

Before I posted this issue, I tried everything to the best of my knowledge. My server setup:
. Ubuntu 20.04 LTS
. Hestiacp 1.4.14
. Exim 4.93
. Dovecot 2.3.7.2

SSL: using a public wildcard SSL certificate. The SSL configuration succeeded and the web server is running.

Incoming mail is always late, but outgoing mail always shows an error even though it is delivered to the destination.

Exim error :

TLS error on connection from [xxx.xxx.xxx.xxx] (cert/key setup: cert={/usr/local/hestia/ssl/certificate.crt} key={/usr/local/hestia/ssl/certificate.key}): Error while reading file.

Dovecot Error :

Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert

I found this topic,

but the solution uses Let's Encrypt.

I need to try without Let's Encrypt first because I have my own public SSL certificate.

Sincerely
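The two log lines quoted above point in different directions: the Exim one says the daemon could not open its own cert/key files, while the Dovecot one says the remote client sent a TLS "certificate unknown" alert, i.e. it rejected the certificate the server presented. The following Python is an added example (not from the original post or from Hestia) that parses both formats and labels which side failed; the sample log lines, the IP addresses and the `rip=` field are constructed placeholders modelled on the quoted errors.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log, modelled on the errors quoted in the post.
# Addresses are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
2021-08-01 10:00:01 TLS error on connection from [203.0.113.10] (cert/key setup: cert={/usr/local/hestia/ssl/certificate.crt} key={/usr/local/hestia/ssl/certificate.key}): Error while reading file.
Aug  1 10:00:02 imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=203.0.113.10, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
2021-08-01 10:00:03 1mAbCd-0001aB-2C <= sender@example.test H=mail.example.test [203.0.113.11] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256
"""

# Exim: failure while loading the server's own certificate/key.
EXIM_CERT_SETUP = re.compile(
    r"TLS error on connection from \[(?P<peer>[^\]]+)\] "
    r"\(cert/key setup: cert=\{(?P<cert>[^}]*)\} key=\{(?P<key>[^}]*)\}\): (?P<reason>[^\n]+)"
)
# Dovecot: OpenSSL error string from a failed SSL_accept() handshake.
DOVECOT_HANDSHAKE = re.compile(
    r"TLS handshaking: SSL_accept\(\) failed: error:(?P<code>[0-9A-Fa-f]+):"
    r"SSL routines:(?P<func>[^:]+):(?P<reason>[^:]+)"
)
RIP = re.compile(r"\brip=([^,\s]+)")


@dataclass
class Finding:
    service: str
    peer: Optional[str]
    reason: str
    side: str   # "server": our own cert/key setup failed; "peer": the remote rejected us
    hint: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a TLS-related Exim/Dovecot error line, else None."""
    m = EXIM_CERT_SETUP.search(line)
    if m:
        reason = m.group("reason").rstrip(".")
        if "reading file" in reason:
            hint = ("exim could not open its own cert/key; check that both paths exist "
                    "and that the exim run-time user/group can read the key file")
        else:
            hint = "exim rejected its own cert/key pair; check the PEM files and that they match"
        return Finding("exim", m.group("peer"), reason, "server", hint)

    m = DOVECOT_HANDSHAKE.search(line)
    if m:
        reason = m.group("reason").strip()
        rip = RIP.search(line)
        if "alert certificate unknown" in reason:
            hint = ("the client sent a certificate_unknown alert, so it rejected the "
                    "certificate dovecot presented; check the chain and the name on the cert")
        else:
            hint = "handshake failed in " + m.group("func")
        return Finding("dovecot", rip.group(1) if rip else None, reason, "peer", hint)
    return None


def scan(text: str) -> List[Finding]:
    """Classify every line of a log excerpt, skipping lines that are not TLS errors."""
    return [f for f in (classify(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.service:8} side={f.side:6} peer={f.peer} reason={f.reason!r}\n  -> {f.hint}")
```

Running it over the constructed sample reports the Exim line as a server-side setup failure and the Dovecot line as a peer rejection; the successful delivery line is ignored. The distinction matters for triage: the first is fixed on the server (paths, ownership, matching cert and key), the second by giving clients a certificate they can validate.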

Found the issue and the solution, after meditation with a lot of cigarettes and coffee.

Generate TLS

sudo /usr/share/doc/exim4-base/examples/exim-gencert

It will generate a crt and key, so I copied my own SSL certificate into the same directory as that crt.
owner : root
group : mail

Small impact big changes.

Edit /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and add the following:
MAIN_TLS_ENABLE = yes

Second, configure Exim4 to use saslauthd for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples and uncommenting the plain_saslauthd_server and login_saslauthd_server sections:

 plain_saslauthd_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif
#
 login_saslauthd_server:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   # don't send system passwords over unencrypted connections
   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
   server_set_id = $auth1
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif

sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd

Thanks


I have a similar problem.

Ubuntu 18.04
Hestia CP 1.4.14

When I create a mail domain, no certificate link is created under /usr/local/hestia/ssl/mail.

The certificate is generated under /home/%user%/conf/%domain%/ssl.

The result:
When sending, the server certificate is used, but not by the individual domain.

The error does not occur under Debian 10.

Best regards

Tom


Corrective action: Delete all SSL certificates and then create new ones.

Did you restore from a backup?

No. It is therefore surprising that the certificates were gone.

I assume that you updated from 1.4.12 or before to directly 1.4.14?

But the force rebuild should have fixed the issue.

I see now that the force rebuild is missing

We really need to improve this rebuilding part…

No, it was an update from 1.4.2 to version 1.4.14.

Then you had the same issue. It will indeed explain the issue…

We need to improve and set certain conditions per version:

Like I explained above, my solution:

  1. Generate a crt from exim4, then copy your own SSL certificate to the directory where the exim4 crt was installed,
  2. Rename your own SSL certificate to the exim4 crt name
  3. Restart the exim service

Thanks
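Both the earlier fix (copy the certificate next to the exim-gencert output, owner root, group mail, then the chown/chmod 640 step) and the three-step summary above come down to the same thing: the daemon must be able to read the key, nobody else should, and the cert and key must actually load as a pair. The following Python is an added example (not from the original posts or from Hestia/Exim) that audits a cert/key pair for exactly those conditions. It assumes the key is owned by root and read through the daemon's group, as in the poster's setup; the `daemon_gid` argument and the placeholder files in `demo()` are constructed for the example.

```python
import os
import ssl
import stat
import tempfile
from typing import List, Tuple


def audit_tls_files(cert_path: str, key_path: str, daemon_gid: int) -> List[str]:
    """Return findings (empty list = OK) for an MTA's certificate/key pair.

    Assumes the key is owned by root and the daemon (e.g. Debian-exim, group
    mail) reads it through the group bit, so the target is root:<group> 0640.
    """
    findings: List[str] = []
    for label, path in (("cert", cert_path), ("key", key_path)):
        if not os.path.exists(path):
            findings.append(f"{label}: {path} does not exist")
    if findings:
        return findings

    st = os.stat(key_path)
    mode = stat.S_IMODE(st.st_mode)
    # Private key exposure: any "other" read bit leaks the key to every local user.
    if mode & stat.S_IROTH:
        findings.append(f"key: {key_path} is world-readable (mode {mode:04o}); use 0640")
    # Daemon access: wrong group or missing group read bit is exactly the
    # "Error while reading file" case from the thread.
    if st.st_gid != daemon_gid:
        findings.append(f"key: group is gid {st.st_gid}, expected daemon gid {daemon_gid}; "
                        "the daemon cannot read it")
    elif not mode & stat.S_IRGRP:
        findings.append(f"key: group has no read bit (mode {mode:04o}); the daemon cannot read it")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"key: writable by group/other (mode {mode:04o})")

    # Load the pair the way a TLS server would; this catches unreadable files,
    # malformed PEM and a certificate that does not match the key.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(cert_path, key_path)
    except (ssl.SSLError, OSError) as exc:
        findings.append(f"pair: cannot load cert/key: {exc}")
    return findings


def demo() -> Tuple[List[str], List[str]]:
    """Constructed demonstration with placeholder (non-PEM) files.

    Returns the findings for a loose 0644 key and for the corrected 0640 key.
    """
    with tempfile.TemporaryDirectory() as d:
        cert = os.path.join(d, "certificate.crt")
        key = os.path.join(d, "certificate.key")
        for p in (cert, key):
            with open(p, "w") as fh:
                fh.write("-----BEGIN PLACEHOLDER-----\nnot a real PEM\n-----END PLACEHOLDER-----\n")
        gid = os.stat(key).st_gid          # stands in for the daemon's group here
        os.chmod(key, 0o644)
        loose = audit_tls_files(cert, key, gid)
        os.chmod(key, 0o640)
        tight = audit_tls_files(cert, key, gid)
        return loose, tight


if __name__ == "__main__":
    loose, tight = demo()
    print("0644 key:", *loose, sep="\n  ")
    print("0640 key:", *tight, sep="\n  ")
```

On a real host you would call `audit_tls_files("/usr/local/hestia/ssl/certificate.crt", "/usr/local/hestia/ssl/certificate.key", grp.getgrnam("mail").gr_gid)` (the `mail` group name is the one the poster used; check `/etc/exim4` for the group your Exim actually runs under). The placeholder files in `demo()` always fail the final load check, which is intended: it shows that permissions can be right while the pair itself is still unusable, and vice versa.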

As I said, v-rebuild-mail-domains should solve the issue.

It is a bug in our update system…
