-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am seeing these in the mail log, after a recent update (the machine is using Leap 15.4, but I have seen them in a 15.5 machine too (did not study those)): <2.6> 2023-12-27T19:48:49.449784+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<7qHpP4INzunAqAIT> <2.6> 2023-12-27T19:48:49.459538+01:00 Telcontar dovecot - - - imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=192.168.2.19, lip=192.168.1.14, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<aqPpP4INwunAqAIT> And Thunderbird can not open some folders. I have this in my notes from the previous time it happened (in July): Regenerate certificates. +++.................... cd /etc/dovecot rm /etc/ssl/private/dovecot.pem rm /etc/ssl/private/dovecot.crt bash mkcert.sh time openssl dhparam -out /etc/dovecot/dh.pem 4096 Delete certificate in Thunderbird (settings, search for "cert"), Manage Certificates, Servers tab. Then "Get messages / "cer", authorize cert. ....................++- "mkcert.sh" is the one from /usr/share/dovecot/, as well as "dovecot-openssl.cnf" (edited, of course). The certificates are recent: Telcontar:/etc/dovecot # ls -l /etc/ssl/private/dovecot.* /etc/dovecot/dh.pem - -rw-r--r-- 1 root root 769 Jul 2 15:01 /etc/dovecot/dh.pem - -rw------- 1 root root 1066 Jul 2 14:41 /etc/ssl/private/dovecot.crt - -rw------- 1 root root 912 Jul 2 14:41 /etc/ssl/private/dovecot.pem Telcontar:/etc/dovecot # So they can't be expired. The dovecot config is correct, AFAICS: Telcontar:/etc/dovecot # egrep -v "^[[:space:]]*$|^#" /etc/dovecot/conf.d/10-ssl.conf ssl_dh = </etc/dovecot/dh.pem ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH ssl_prefer_server_ciphers = yes ssl_options = no_compression Telcontar:/etc/dovecot # In Thunderbird, I have deleted the certificate, per my notes. The intention is that Thunderbird will now complain about the certificate, and I can add an exception, but it is not asking. I also restarted TB. What can I do? (Google is not helping) - -- Cheers Carlos E. R. (from 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZYx3IRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfViecAn2mf+iXezQMraoR6HRPz GknrZ/gYAJ0aoSZ5AVYXptI12pVcnfThv0ipJw== =tyO5 -----END PGP SIGNATURE-----