-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2023-12-27 at 23:16 -0600, David C. Rankin wrote:
On 12/27/23 13:12, Carlos E. R. wrote:
rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<aqPpP4INwunAqAIT>
And Thunderbird can not open some folders.
Very, very long-running problem, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1671736
Claims it is resolved -- it isn't and never has been. There is something botched in tbirds acceptance of a changed self-signed cert. I was hit with this just about every year as the cert expired until I finally just went to using Let's Encrypt real certificates (you can use the same cert for web and mail servers)
I'd load certbot and just get the free cert for your domain, set up your web and mail servers to use them and be done with it.
Can't and won't. I don't have a domain, this is all inside a LAN with a faked domain.
Otherwise, you can't get rid of the old cert cached somewhere in the tbird profile and you end up having to install new cert, restart dovecot, delete your mailbox from within tbird and re-create it and it will then, and only then, give you the ability to "create an exception" for your new self-signed cert.
Royal pain....
I found some instructions here: <https://unix.stackexchange.com/questions/123367/thunderbird-fails-to-connect-to-dovecot-and-postfix> * in the problematic email acount in incoming mail server settings I temporarily changed the address of the mail server, * I created a new account with correct incoming mails server adress, when receiving emails I accepted wtih no problem the certificate, * I deleted the new account. and I restored the correct address of the incoming mail server in the original account. (on step 1, I had to restart TB). Nah, doesn't work. The "new" account only sees "INBOX" folder. The old one sees them all (many cached), sees the mails (probably cached), but can read none. It gets stuck at "checking mail server capabilities" for a long time. Oh, it gave up silently without reading the message. This is in dovecot log entry: <2.6> 2023-12-28T21:01:33.228061+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<svraYZcNvofAqAIT> <2.6> 2023-12-28T21:01:33.228453+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<PfvaYZcNxIfAqAIT> I can work I TB by saying "security none". Huh, could, now it doesn't. Restart TB... now it works, after asking for my mail password (the user password to the Linux account). Alpine is /happy/ with my certificates: "O Gugle pus" {localhost/novalidate-cert/user=cer}in_gplus, - -- Cheers, Carlos E. R. (from openSUSE 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZY3qLxwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVp+cAn0n46RYMUoyRD1BEBYIo 0f84XLR8AJ4/Z6ROR0n82J5oVtg+FZJmjT/dTQ== =ItQl -----END PGP SIGNATURE-----