
Issue TLS: SSL_read failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL a

Bludau Media

New Pleskian
My error message is:

Jan 15 10:59:16 mail dovecot: imap-login: Disconnected (no auth attempts ics): user=<>, rip=77.179.18.XXX, lip=XXX.XXX.XXX.XXX, TLS: SSL_read failed: e4094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate: SSL alert number 42

/etc/dovecot/private/
+ dovecot.pem
+ ssl-cert-and-key.pem

exist. If I change to Let's Encrypt, I see that the dovecot.pem date is changing.

I can't use email clients with STARTTLS / SSL. Without it, it works and I can receive the emails.
 
Please consider telling us a bit more detail, like which clients. There are several knowledge base articles around about this issue with different solutions. And what does your /etc/dovecot/conf.d/11-plesk-security-ssl.conf look like?
 
It seems to be an invalid SSL cert.
I have changed the PTR DNS record to a local domain, not the default server name by the hoster Server4you.
Then I changed the server pool certs to Let's Encrypt with a new domain, mail.luvotec.de for example.

My /etc/dovecot/conf.d/11-plesk-security-ssl.conf shows this:

ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESG$
ssl_protocols = TLSv1 TLSv1.1 TLSv1.2
ssl_min_protocol=TLSv1
ssl_prefer_server_ciphers=yes
ssl_dh=</usr/local/psa/etc/dhparams1024.pem
ssl=yes
ssl_cert=</etc/dovecot/private/dovecot.pem
ssl_key=</etc/dovecot/private/dovecot.pem

I have several root servers at Server4you, but only this server isn't working.
I've migrated the data from one server to another.
There is a little bug: the "Email Server functionaly working with plesk is disabled" and really no email server cert is set up (meaning not the default self-signed cert).
 
-->--

SMTPS

echo | openssl s_client -connect xxx.xxx.xxx.xxx:993 2>&1 -tls1_2 | openssl x509 -noout -text | grep 'CN\|Issuer\|Not After\|DNS'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not After : Apr 14 08:47:44 2020 GMT
Subject: CN=mail.luvotec.de
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
DNS:mail.luvotec.de

-->--

IMAPS

echo | openssl s_client -connect xxx.xxx.xxx.xxx:465 2>&1 -tls1_2 | openssl x509 -noout -text | grep 'CN\|Issuer\|Not After\|DNS'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not After : Apr 14 08:47:44 2020 GMT
Subject: CN=mail.luvotec.de
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
DNS:mail.luvotec.de

-->--
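
The error code in the thread title says which side raised the alert: in OpenSSL's SSL library a reason code of 1000 + n means TLS alert n was received from the peer, so here the mail client rejected the certificate dovecot presented. The decoder below is an added example, not code from the posters or from Plesk; it assumes the OpenSSL 1.0/1.1 packed error layout, and the log line is constructed with placeholder addresses.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) that concern certificates.
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts read from the peer

# Constructed sample modelled on the log line in the first post; the addresses
# are documentation placeholders and the code is the one from the thread title.
SAMPLE = ("Jan 15 10:59:16 mail dovecot: imap-login: Disconnected (no auth attempts): "
          "user=<>, rip=192.0.2.10, lip=198.51.100.5, TLS: SSL_read failed: "
          "error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: "
          "SSL alert number 42")

LINE_RE = re.compile(r"rip=(?P<rip>[^,\s]+).*?error:(?P<code>[0-9A-Fa-f]{8}):")


def decode_openssl_error(code_hex):
    """Split an OpenSSL 1.0/1.1 packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def explain(line):
    """Describe the TLS alert in a dovecot login log line, or return None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    lib, _func, reason = decode_openssl_error(m.group("code"))
    if lib != ERR_LIB_SSL or reason <= SSL_AD_REASON_OFFSET:
        # Not an alert received from the peer; nothing to attribute.
        return {"rip": m.group("rip"), "alert": None, "name": None, "sent_by": None}
    alert = reason - SSL_AD_REASON_OFFSET
    return {"rip": m.group("rip"), "alert": alert,
            "name": TLS_ALERTS.get(alert, "other"),
            "sent_by": "client"}  # dovecot read the alert, so the peer sent it


if __name__ == "__main__":
    print(explain(SAMPLE))
```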
 