• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Forwarded to devs Roundcube "Connection to storage server failed" when securing mail with Let's Encrypt certificate

Sergio Manzi

Sergio Manzi

Regular Pleskian
TITLE:
Roundcube "Connection to storage server failed" when securing mail with Let's Encrypt certificate
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk 17.8.10 (upgraded from 17.5.3#40)
CentOS 7.4.1708, Kernel 3.10.0-693
PROBLEM DESCRIPTION:
If the mail subsystem is protected with an LE certificate Roundcube IMAP connection fails.​
STEPS TO REPRODUCE:
  • Start with a Postfix+Dovecot+Roundcube configuration where the mail subsystem is protected by the default self-signed certificate.

  • You can log into webmail, without any issue. Logout from it.

  • Now apply for an LE certificate and apply it to your mail subsystem (Tools & Settings -> SSL/TLS Certificates -> Certificate for securing mail)

  • Try to login to webmail again
ACTUAL RESULT:
You can't log in and a message appears on the Webmail login page: "Connection to storage server failed"

In dovecot log you will find an error message of this kind of diagnostic:
TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48,​
EXPECTED RESULT:
Be able to log into webmail, no error being issued​
ANY ADDITIONAL INFORMATION:
Apparently it is a problem with Roundcube not recognizing the LE certificate.

The issue can be bypassed by modifying /usr/share/psa-roundcube/config/defaults.inc.php
Code: 
# diff defaults.inc.php.bak defaults.inc.php
165c165
<      'verify_peer'  => true,
---
>      'verify_peer'  => false,

... so that the peer is not verified.

Best solution would probably be to leave 'verify_peer' set and have Roundcube to accept the Let's Encrypt certificate

P.S.: for further information you can read this thread: Roundcube "Connection to storage server failed"

The issue has been also independently replicated by @Mark Muyskens
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Last edited:
Thank you for report!
Issue was confirmed and submitted as PPPM-8078
 
I'm having the exact same issue.

Removing the LE certificate didn't help..

updated the verify_peer variable to false, but no success..

Anyone have an idea how I can make this work again? I'm in big need...
 
Hello!

If you have updated the verify_peer variable to false and you're still unable to connect, then I'm afraid you are not having the "exact same issue", but just the "exact same symptoms": you're much better off opening a separate issue in Plesk Onyx for Linux, maybe citing the fact that you have already corrected verify_peer...
 
Hey,

I figured it out! I previously updated the commented verify_peer variable (silly me). Now that I updated the real one it's fixed!

Regards
 
frdho said:
The iasue has resurfaced. Any ideai what could cause it again after I fixed it?
Click to expand...

Every update of Roundcube could make it resurface... Had a simalar issue witch came back like 6 times now becauce the defaults.inc.php file gets overwritten
 
I fixed it again and locked the roundcube package for updates.

I really want to avoid updating this one automatically. This should avoid it right?

Not nice to have customers that keep having this.
 
frdho said:
I really want to avoid updating this one automatically. This should avoid it right?
Click to expand...
Yes, I guess this will do (at least until the bug is fixed, something I honestly expect for ME #2...).
I also tried setting defaults.inc.php as "immutable" and this too worked but the real effect was that Roundcube updates failed, so I think yours is a better solution.
 
Sergio Manzi said:
Not according my experience: in #2 the sieve rules engine has been changed to managesieve, but I had to apply the fix manually to have it working (see my comment in the cited thread...)
Click to expand...

Yes, and finally this issue has been fixed with the current one because we disabled verify_peer in configuration:)
 
i have same problem with roundcube, whenever i try to access my webmail this message appear on the sreen" Server connection storage has failed".

Help please
 
We've had the same issue today as we upgraded to the latest Plesk microupdates.

Issue is that in /usr/share/psa-roundcube/config/defaults.inc.php the variable "default_host" has been changed from 'localhost' to 'ssl://localhost', and default_port has been changed from 143 to 993. However, a test on localhost/993 shows that the service is unresponsive:

Code: 
# openssl s_client -connect localhost:993 -starttls imap
CONNECTED(00000003)

This hangs forever.

I havent debugged yet why localhost:993 isn't responding, but changing the parameters in defaults.inc.php solved the issue for now.
 
You must log in or register to reply here.

Similar threads

T
Resolved connection webmail to mailserver fails
Replies
8
Views
1K
Strangelove
Strangelove
Quinten
Resolved Lets Encrypt for mails server problem
Replies
2
Views
171
Quinten
Quinten
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
323
Azurel
Azurel
S
Question Mail subdomains with wrong TLS certificate (e.g. imap.example.tld)
Replies
1
Views
283
Kaspar
K
D
Issue Automatic renewal via SSLit doesn't work for wildcard certificates
Replies
0
Views
537
D3nnis3n
D
Back
Top