[BlueOnyx:25134] Re: Quickfix for BO servers with certificates that are old or doesn't work anymore!!!
Rickard Osser
rickard.osser at bluapp.com
Thu Sep 30 08:05:19 -05 2021
Hi Michael,
a related but not the same problem.
dovecot wasn't using the chained certificate correctly with the copied
cert-files.
I manually copied /etc/admserv/certs/nginx_cert_ca_combined to both
ca.pem and dovecot.pem in /etc/pki/dovecot/.
After that openssl s_client reported correct certs for the server on
ports 993 and 995.These are all 5210R.
Best regards,Rickard
On Thu, 2021-09-30 at 07:10 -0500, Michael Stauber wrote:
> Hi Rickard,
> > It might be something with Let's Encrypts changed root-certs .
>
> Not sure. I checked which intermediates the newly issued certs used
> andboth the R3 (expiry: 2025) and the X1 (expiry: 2035) were fresh.
> If you're still running 5208R's or if you don't have the recent ca-
> certsOS-update, then there might indeed be an issue.
> Anyway: I'll push an acme-client update into the pipe. It's about
> timefor it anyway.
--
Bluapp AB
Rickard Osser
CTO
Solberga Ängsväg 3
125 44 Älvsjö
Sweden
Web: http://www.bluapp.com
Mail: rickard.osser at bluapp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20210930/0dcb17da/attachment.html>
More information about the Blueonyx
mailing list