• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue TLS: SSL_read failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL a

Bludau Media

Bludau Media

New Pleskian
My error Message is:

Jan 15 10:59:16 mail dovecot: imap-login: Disconnected (no auth attempts ics): user=<>, rip=77.179.18.XXX, lip=XXX.XXX.XXX.XXX, TLS: SSL_read failed: e4094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate: SSL alert number 42

/etc/dovecot/private/
+ dovecot.pem
+ ssl-cert-and-key.pem

are existing. If i change to let's encrypt i see that the dovecot.pem date is changing.

i can't use Email Clients with START TLS / SSL. Without it works and i can receive the emails.
 
please take into consider to tell a bit more in detail,like which clients. There are several knowledgebase articles around about this issue with different solutions. and how looks like your /etc/dovecot/conf.d/11-plesk-security-ssl.conf
 
it seems to be an invalid SSL-Cert.
i have changed the PTR DNS Record to a lokal domain not the default servername by the hoster Server4you.
Than i changed the serverpool certs to lets encrypt with a new domain mail.luvotec.de for example.

my /etc/dovecot/conf.d/11-plesk-security-ssl.conf show this

ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESG$
ssl_protocols = TLSv1 TLSv1.1 TLSv1.2
ssl_min_protocol=TLSv1
ssl_prefer_server_ciphers=yes
ssl_dh=</usr/local/psa/etc/dhparams1024.pem
ssl=yes
ssl_cert=</etc/dovecot/private/dovecot.pem
ssl_key=</etc/dovecot/private/dovecot.pem

i have several root servers at Server4you but only this Server isn't working.
i've migrated the data from one server to another.
There is a little bug the "Email Server functionaly working with plesk is disabled" and really no email server cert is setup (means not the default self signed cert)
 
-->--

SMTPS

echo | openssl s_client -connect xxx.xxx.xxx.xxx:993 2>&1 -tls1_2 | openssl x509 -noout -text | grep 'CN\|Issuer\|Not After\|DNS'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not After : Apr 14 08:47:44 2020 GMT
Subject: CN=mail.luvotec.de
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
DNS:mail.luvotec.de

-->--

IMAPS

echo | openssl s_client -connect xxx.xxx.xxx.xxx:465 2>&1 -tls1_2 | openssl x509 -noout -text | grep 'CN\|Issuer\|Not After\|DNS'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Not After : Apr 14 08:47:44 2020 GMT
Subject: CN=mail.luvotec.de
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
DNS:mail.luvotec.de

-->--
 
You must log in or register to reply here.

Similar threads

J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
671
Yaroslav_T
Yaroslav_T
M
Resolved Error SSL Cert for email
Replies
7
Views
755
mihaitiberiu
M
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
656
defcon8
defcon8
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
1K
scpcomp
S
B
Issue ERROR MAIL error:0A000102:SSL
Replies
1
Views
3K
Peter Debik
P
Back
Top