• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Roundcube "Connection to storage server failed" when securing mail with Let's Encrypt certificate

Sergio Manzi

Sergio Manzi

Regular Pleskian
TITLE:
Roundcube "Connection to storage server failed" when securing mail with Let's Encrypt certificate
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk 17.8.10 (upgraded from 17.5.3#40)
CentOS 7.4.1708, Kernel 3.10.0-693
PROBLEM DESCRIPTION:
If the mail subsystem is protected with an LE certificate Roundcube IMAP connection fails.​
STEPS TO REPRODUCE:
  • Start with a Postfix+Dovecot+Roundcube configuration where the mail subsystem is protected by the default self-signed certificate.

  • You can log into webmail, without any issue. Logout from it.

  • Now apply for an LE certificate and apply it to your mail subsystem (Tools & Settings -> SSL/TLS Certificates -> Certificate for securing mail)

  • Try to login to webmail again
ACTUAL RESULT:
You can't log in and a message appears on the Webmail login page: "Connection to storage server failed"

In dovecot log you will find an error message of this kind of diagnostic:
TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48,​
EXPECTED RESULT:
Be able to log into webmail, no error being issued​
ANY ADDITIONAL INFORMATION:
Apparently it is a problem with Roundcube not recognizing the LE certificate.

The issue can be bypassed by modifying /usr/share/psa-roundcube/config/defaults.inc.php
Code: 
# diff defaults.inc.php.bak defaults.inc.php
165c165
<      'verify_peer'  => true,
---
>      'verify_peer'  => false,

... so that the peer is not verified.

Best solution would probably be to leave 'verify_peer' set and have Roundcube to accept the Let's Encrypt certificate

P.S.: for further information you can read this thread: Roundcube "Connection to storage server failed"

The issue has been also independently replicated by @Mark Muyskens
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Last edited:
Thank you for report!
Issue was confirmed and submitted as PPPM-8078
 
I'm having the exact same issue.

Removing the LE certificate didn't help..

updated the verify_peer variable to false, but no success..

Anyone have an idea how I can make this work again? I'm in big need...
 
Hello!

If you have updated the verify_peer variable to false and you're still unable to connect, then I'm afraid you are not having the "exact same issue", but just the "exact same symptoms": you're much better off opening a separate issue in Plesk Onyx for Linux, maybe citing the fact that you have already corrected verify_peer...
 
Hey,

I figured it out! I previously updated the commented verify_peer variable (silly me). Now that I updated the real one it's fixed!

Regards
 
frdho said:
The iasue has resurfaced. Any ideai what could cause it again after I fixed it?
Click to expand...

Every update of Roundcube could make it resurface... Had a simalar issue witch came back like 6 times now becauce the defaults.inc.php file gets overwritten
 
I fixed it again and locked the roundcube package for updates.

I really want to avoid updating this one automatically. This should avoid it right?

Not nice to have customers that keep having this.
 
frdho said:
I really want to avoid updating this one automatically. This should avoid it right?
Click to expand...
Yes, I guess this will do (at least until the bug is fixed, something I honestly expect for ME #2...).
I also tried setting defaults.inc.php as "immutable" and this too worked but the real effect was that Roundcube updates failed, so I think yours is a better solution.
 
Sergio Manzi said:
Not according my experience: in #2 the sieve rules engine has been changed to managesieve, but I had to apply the fix manually to have it working (see my comment in the cited thread...)
Click to expand...

Yes, and finally this issue has been fixed with the current one because we disabled verify_peer in configuration:)
 
i have same problem with roundcube, whenever i try to access my webmail this message appear on the sreen" Server connection storage has failed".

Help please
 
We've had the same issue today as we upgraded to the latest Plesk microupdates.

Issue is that in /usr/share/psa-roundcube/config/defaults.inc.php the variable "default_host" has been changed from 'localhost' to 'ssl://localhost', and default_port has been changed from 143 to 993. However, a test on localhost/993 shows that the service is unresponsive:

Code: 
# openssl s_client -connect localhost:993 -starttls imap
CONNECTED(00000003)

This hangs forever.

I havent debugged yet why localhost:993 isn't responding, but changing the parameters in defaults.inc.php solved the issue for now.
 
You must log in or register to reply here.

Similar threads

J
Issue Let's encrypt for Plesk cannot be renewed status 500
Replies
1
Views
348
Sebahat.hadzhi
Sebahat.hadzhi
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
348
Leta
L
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
760
mow
M
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
889
tessa67
T
T
Resolved connection webmail to mailserver fails
Replies
8
Views
2K
Strangelove
Strangelove
Back
Top