Dovecot SSL not trusted/no SNI

I have Let’s Encrypt certificates installed on my DirectAdmin server. This was never a problem and everything worked fine. Since last Tuesday my certificates have renewed automatically, and since then Dovecot has been giving problems. When I use a phone to read my e-mail through POP3 or IMAP it says that the certificate is not trusted. Googling around, I think that this is a problem with the CA certificate.

I’ve checked my certificate using: https://certlogik.com/ssl-checker/
It tells me that my certificate is not trusted. All other tests are fine.

My dovecot.conf says:

ssl_cert = </etc/httpd/conf/ssl.crt/server.crt
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
ssl_key = </etc/httpd/conf/ssl.key/server.key


In that same /etc/httpd/conf/ssl.crt folder there is also a server.ca file present. So I added the following line to the dovecot.conf file:

ssl_ca = </etc/httpd/conf/ssl.crt/server.ca


After restarting Dovecot, the ssl-checker on certlogik says everything is fine and the certificate is now trusted. Hurray!

But… after testing mail on the phone again I get another error, telling me the hostname is invalid for this certificate. The certificate is for my server hostname (like server01.hoster.com) and my clients connect with their own hostname (like imap.clientdomain.com). Is this an SNI problem? If yes, how do I solve this from Dovecot?
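Below is an added example configuration (editor's illustration, not part of the original post or of DirectAdmin's generated config) showing how Dovecot 2.2 and later selects a certificate by the TLS SNI name a client sends, using `local_name` blocks. It also serves the intermediate certificate the way Dovecot's documentation describes, by appending it to the file given in ssl_cert, rather than through ssl_ca, whose documented purpose is verifying client certificates. The hostnames and the /etc/letsencrypt paths are assumptions for illustration; each per-name certificate must actually contain that name in its Subject Alternative Names, so a certificate issued for server01.hoster.com alone cannot be made valid for imap.clientdomain.com by configuration.

```conf
# Added example (not from the original post): Dovecot SSL with SNI.
# Hostnames and paths are assumptions for illustration.

ssl = required

# Default certificate, presented when the client sends no SNI name or a
# name with no local_name block below. fullchain.pem holds the server
# certificate followed by the Let's Encrypt intermediate, so clients get
# the complete chain from ssl_cert alone.
ssl_cert = </etc/letsencrypt/live/server01.hoster.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/server01.hoster.com/privkey.pem

# Not part of the SNI fix, but the cipher list in the original post still
# permits RC4 (prohibited for TLS by RFC 7465); this excludes it.
ssl_cipher_list = HIGH:!aNULL:!RC4:!MD5

# Per-hostname certificates, chosen by the SNI name (Dovecot 2.2+).
# The name after local_name must match what the mail client connects to,
# and the certificate must list that name in its SANs.
local_name imap.clientdomain.com {
  ssl_cert = </etc/letsencrypt/live/imap.clientdomain.com/fullchain.pem
  ssl_key = </etc/letsencrypt/live/imap.clientdomain.com/privkey.pem
}

local_name mail.otherclient.example {
  ssl_cert = </etc/letsencrypt/live/mail.otherclient.example/fullchain.pem
  ssl_key = </etc/letsencrypt/live/mail.otherclient.example/privkey.pem
}
```

To check which certificate and chain a given name receives, connect with OpenSSL and pass the client hostname as the SNI value, for example `openssl s_client -connect server01.hoster.com:993 -servername imap.clientdomain.com -showcerts`, and inspect the leaf certificate's subject/SANs and the "Verify return code" line; run it once without -servername to confirm the default certificate is also served with its intermediate. Clients that do not send SNI at all will always get the default certificate, so for those the only remaining option is to have them connect to the name that certificate was issued for.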
