-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2023-12-30 at 08:57 +0300, Andrei Borzenkov wrote:
On 29.12.2023 23:58, Carlos E. R. wrote:
On 2023-12-29 21:11, Togan Muftuoglu via openSUSE Users wrote:
>> "CER" == Carlos E R > writes:
...
But the main question is if it is your internal lan why do you even need ssl certificate at all. just set dovecot not to listen ssl ports and don't ask for tls settings.
Because from laptop to main computer, in the LAN, it doesn't work without SSL.
That's becoming ridiculous. You need SSL because you configured your systems to use SSL. Configure your systems to not use SSL.
Some software I was using, I do not remember which, demanded SSL. And that was not a problem at the time, because TB just made exceptions fine.
The problem is Thunderbird actually, not dovecot. Thunderbird, in the current profile, in two computers, does not ask about the certificate, does not prompt to make an exception. A new profile does work, but creating a new profile with all the accounts is a quite large undertaking.
You have been told multiple times to use the real trusted CA to obtain your certificates. You refuse to do it. Now you pay the price of refusing to do it.
How can I use an external true certificate, when I have no real domain name?
Previously it did work.
Without knowing what "previously" means exactly it does not offer any starting point. "Previously" Internet worked without SSL at all.
Months ago. It started happening on 2023-06-15T13:46:55 with connections from the laptop to the desktop. Laptop has Leap 15.5, desktop has 15.4 cer@Telcontar:~> zgrep "SSL alert number 42" /var/log/mail*z | less archived logs start on /var/log/mail-20230103.xz (2022-12-04), problem entries start here: /var/log/mail-20230703.xz:<2.6> 2023-06-15T13:46:55.903964+02:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.1.126, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<fnMNoCn+hqnAqAF+> (older laptop; new laptop home was a clone from this one) /var/log/mail-20230703.xz:<2.6> 2023-06-15T13:55:21.927621+02:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.17, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<YMI2vin+2qDAqAIR> (new laptop, home clone made) and continue till I departed from home: /var/log/mail-20231226.xz:<2.6> 2023-08-14T14:03:48.444949+02:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<aBri2uAC0p3AqAIT> and continued when I came back from my travel: /var/log/mail-20231226.xz:<2.6> 2023-12-13T04:42:10.399887+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 1 secs): user=<>, rip=192.168.2.22, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<N8Gy81sMbMbAqAIW> These connections are just automatic attempts by the Thunderbird in the laptop to check for new email every 10 minutes on the desktop imap server. I was not looking at them, I don't normally need this. The connections from desktop TB to desktop Dovecot are not logged, yet they fail. All that time, the connections from TB on desktop to dovecot on desktop were working. I did not realize the logs were talking about the laptop, so I renewed the certificate on the desktop machine this month, and then the current problem started, because the current TB is unable to make an exception for the new certificate. It doesn't even ask. The connection from laptop TB to laptop dovecot is working perfectly. It has an exception in place and I have not touched it. Problem will be when the certificate expires. [...] The issue was solved by you finding how to tell TB to prompt about the certificate, in another post I happened to read before sending this. Thankyou! :-) - -- Cheers, Carlos E. R. (from openSUSE 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZZAcXxwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVDYcAnirYqDyVXu+xOYU0RjGp +Jvxb/EvAJ9PEUoqyLSZ8CBh6BwaO05iiPwGfA== =fAWj -----END PGP SIGNATURE-----