On 2023-12-27 20:12, Carlos E. R. wrote:
Summary:
I am seeing these in the mail log, after a recent update (the machine is using Leap 15.4, but I have seen them in a 15.5 machine too (did not study those)):
<2.6> 2023-12-27T19:48:49.449784+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<7qHpP4INzunAqAIT>
(those were attempts to connect from laptop to desktop) ...
I have this in my notes from the previous time it happened (in July):
Regenerate certificates.
+++....................
cd /etc/dovecot
rm /etc/ssl/private/dovecot.pem
rm /etc/ssl/private/dovecot.crt
bash mkcert.sh
time openssl dhparam -out /etc/dovecot/dh.pem 4096

Delete certificate in Thunderbird (settings, search for "cert"), Manage Certificates, Servers tab. Then "Get messages / "cer", authorize cert.
....................++-
...
In Thunderbird, I have deleted the certificate, per my notes. The intention is that Thunderbird will now complain about the certificate, and I can add an exception, but it is not asking. I also restarted TB.
What can I do?
The problem was that one has to click on the cloud mini-icon at the top left of the left hand panel in Thunderbird to "get messages", and then TB asks about the certificate and allows making an exception. If you get to "get certificates" in some context menu, it doesn't work (today). If TB is attempting to connect in the background, it doesn't work.

And that solved the problem for me :-)

Some of you have insisted on me getting an external gratis certificate. Problem is, I don't have a true domain, but a faked one in my LAN. I understand they ask for a domain.

Some of you have asked why have a certificate at all if all I am using it in is a LAN. Well, I'll answer with a question: why has telnet been deprecated, removed from the default distribution, and everybody insists on using ssh, even in a LAN?

Well, the reason for using a certificate with email is the same as for using ssh in a LAN. I don't need authentication, but I do want encryption.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
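
Added example, not part of the original message: a small Python triage of dovecot imap-login lines like the one quoted above. An alert reported via ssl3_read_bytes was received from the peer, so alert 42 here means the client rejected the server's certificate. The regex assumes the log format shown on this page; the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Certificate-related TLS alert descriptions (RFC 5246 / RFC 8446).
CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

# ssl3_read_bytes means the alert was *received*: the client sent it to dovecot.
LINE_RE = re.compile(
    r"imap-login: Disconnected.*?SSL_accept\(\) failed: .*?ssl3_read_bytes:.*?"
    r"SSL alert number (?P<alert>\d+).*?"
    r"rip=(?P<rip>[0-9a-fA-F.:]+), lip=(?P<lip>[0-9a-fA-F.:]+)"
)

def parse_line(line):
    """Return a dict for a failed TLS handshake line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    alert = int(m.group("alert"))
    return {"rip": m.group("rip"), "lip": m.group("lip"), "alert": alert,
            "name": CERT_ALERTS.get(alert, "other"),
            "client_rejected_cert": alert in CERT_ALERTS}

def summarize(lines):
    """Count certificate rejections per (client address, alert name)."""
    counts = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev and ev["client_rejected_cert"]:
            counts[(ev["rip"], ev["name"])] += 1
    return dict(counts)

SAMPLE = [
    # From the message above (trailing part of the line omitted).
    "dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: "
    "error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: "
    "SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14",
    # Constructed: another client that does not trust the issuer.
    "dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: "
    "error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: "
    "SSL alert number 48 (no auth attempts in 0 secs): user=<>, rip=192.168.2.20, lip=192.168.1.14",
    # Constructed: a normal login, which must be ignored.
    "dovecot - - - imap-login: Login: user=<example>, method=PLAIN, rip=192.168.2.19, lip=192.168.1.14, TLS",
]

if __name__ == "__main__":
    for (rip, name), n in summarize(SAMPLE).items():
        print(f"{rip}: client rejected server certificate ({name}) x{n}")
```

A client that keeps appearing in this summary still holds no trust decision for the current server certificate, which matches the state described above before the exception was re-added in Thunderbird.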