• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Issue TLS: SSL_read failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL a

Bludau Media

Bludau Media

New Pleskian
My error Message is:

Jan 15 10:59:16 mail dovecot: imap-login: Disconnected (no auth attempts ics): user=<>, rip=77.179.18.XXX, lip=XXX.XXX.XXX.XXX, TLS: SSL_read failed: e4094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate: SSL alert number 42

/etc/dovecot/private/
+ dovecot.pem
+ ssl-cert-and-key.pem

are existing. If i change to let's encrypt i see that the dovecot.pem date is changing.

i can't use Email Clients with START TLS / SSL. Without it works and i can receive the emails.
 
please take into consider to tell a bit more in detail,like which clients. There are several knowledgebase articles around about this issue with different solutions. and how looks like your /etc/dovecot/conf.d/11-plesk-security-ssl.conf
 
it seems to be an invalid SSL-Cert.
i have changed the PTR DNS Record to a lokal domain not the default servername by the hoster Server4you.
Than i changed the serverpool certs to lets encrypt with a new domain mail.luvotec.de for example.

my /etc/dovecot/conf.d/11-plesk-security-ssl.conf show this

ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESG$
ssl_protocols = TLSv1 TLSv1.1 TLSv1.2
ssl_min_protocol=TLSv1
ssl_prefer_server_ciphers=yes
ssl_dh=</usr/local/psa/etc/dhparams1024.pem
ssl=yes
ssl_cert=</etc/dovecot/private/dovecot.pem
ssl_key=</etc/dovecot/private/dovecot.pem

i have several root servers at Server4you but only this Server isn't working.
i've migrated the data from one server to another.
There is a little bug the "Email Server functionaly working with plesk is disabled" and really no email server cert is setup (means not the default self signed cert)
 
-->--

SMTPS

echo | openssl s_client -connect xxx.xxx.xxx.xxx:993 2>&1 -tls1_2 | openssl x509 -noout -text | grep 'CN\|Issuer\|Not After\|DNS'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not After : Apr 14 08:47:44 2020 GMT
Subject: CN=mail.luvotec.de
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
DNS:mail.luvotec.de

-->--

IMAPS

echo | openssl s_client -connect xxx.xxx.xxx.xxx:465 2>&1 -tls1_2 | openssl x509 -noout -text | grep 'CN\|Issuer\|Not After\|DNS'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not After : Apr 14 08:47:44 2020 GMT
Subject: CN=mail.luvotec.de
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
DNS:mail.luvotec.de

-->--
 
You must log in or register to reply here.

Similar threads

austriadesign
Issue Custom Dovecot Config fails (2.4) – Need Help
Replies
0
Views
2K
austriadesign
austriadesign
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
4K
Polli
Polli
J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
4K
Yaroslav_T
Yaroslav_T
J
Forwarded to devs fail2ban plesk-doecot not matching failed logins
Replies
4
Views
2K
HHawk
HHawk
M
Resolved Error SSL Cert for email
Replies
7
Views
3K
mihaitiberiu
M
Back
Top