Control Web Panel
Topic started by: Felix on July 30, 2018, 04:27:53 PM
-
CWPpro version: 0.9.8.699
The default setup of dovecot SSL is incomplete and will cause issues with some devices/software when verifying the SSL connection/certificate.
To reproduce:
- Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
- Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
- Check your config at https://www.sslshopper.com/ssl-checker.html. Insert hostname:995 and have a look
It will show you a broken certificate chain.
To correct this, open the dovecot config file at /etc/dovecot/dovecot.conf and go to the line
ssl_cert = </etc/pki/tls/certs/hostname.crt
and correct it:
ssl_cert = </etc/pki/tls/certs/hostname.bundle
Then restart dovecot by running the command
systemctl restart dovecot
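An added example, not part of the original post or of CWP: a shell check that the file named on the ssl_cert line holds the server certificate plus at least one intermediate. It assumes a single global ssl_cert line and PEM files; the function names are made up for this sketch, and counting PEM blocks is a heuristic that does not validate signatures.

```shell
#!/bin/sh
# Added example: does the file Dovecot serves contain the full chain?

# Print the path from the last "ssl_cert = </path" line.
# Commented lines and ssl_cert_username_field are not matched.
dovecot_ssl_cert_path() {
    sed -n 's/^[[:space:]]*ssl_cert[[:space:]]*=[[:space:]]*<[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Count PEM certificates in a file (server certificate + intermediates).
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Returns 0 = certificate plus at least one intermediate,
#         1 = single certificate only, 2 = could not check.
check_dovecot_chain() {
    conf=${1:-/etc/dovecot/dovecot.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    cert=$(dovecot_ssl_cert_path "$conf")
    [ -n "$cert" ] || { echo "no ssl_cert line in $conf" >&2; return 2; }
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    n=$(count_pem_certs "$cert")
    if [ "$n" -ge 2 ]; then
        echo "OK: $cert holds $n certificates"
        return 0
    fi
    echo "WARN: $cert holds $n certificate(s); some clients may report a broken chain" >&2
    return 1
}

# Count the certificates the running service actually sends (needs network
# access and the openssl CLI; port defaults to 995 as in the post).
served_cert_count() {
    openssl s_client -connect "$1:${2:-995}" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | grep -c -- '-----BEGIN CERTIFICATE-----' || true
}
```

Run check_dovecot_chain after every "Rebuild Mail Server" to see whether the ssl_cert line still points at the bundle; served_cert_count hostname shows what clients receive after the restart.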
-
Thanks, fixed the issue with using POP3 through Gmail! Need that intermediate cert in the bundle.
-
Your fix also worked for me Felix, thank you! Is there a way to prevent the edited dovecot.conf file from being updated (i.e. lock in the above edit)? Thanks again for your contribution!
-
Wow, thank you so much Felix! I was struggling with this for SOOOO LONG...
Did anyone take this up with the developer so it can be fixed permanently?
-
Felix,
I'm still having issues... I fixed the dovecot.conf file as you said and now the dovecot service starts up just fine. I also ran an SSL check (https://www.sslshopper.com/ssl-checker.html) and verified my SSL chain is not broken.
However, now when I try to access email using any client (such as Microsoft Outlook) I receive an error that says "We couldn't connect to the ongoing (SMTP) server using the specified encryption method. Please check the outgoing (SMTP) server encryption method and try again."
What other dovecot (or postfix) configuration options am I missing?
Keep in mind my email servers were running perfectly until I went to the CWP Panel -> Email -> MailServer Manager, checkmarked the three boxes: "AntiSpam/AntiVirus (recommended)", "rDNS Check (recommended)", and "Install DKIM & SPF (recommended)", then clicked the "Rebuild Mail Server" button. Whatever the configuration was prior to this worked great (could send/receive email without issue). Now... I'm just plain frustrated.
I appreciate your help.
Sincerely,
Matt
-
I have the same problem with this.
I can't use email through SSL.
Are there plans to fix it?
-
I see I already have this line
ssl_cert = </etc/pki/tls/certs/hostname.bundle
But still when I try to connect through domain name, the connection fails
-
I'm having the same problem here, has anyone found a solution?
-
"I'm having the same problem here, has anyone found a solution?"
Not really the same problem because the original poster already posted the solution that worked for everybody that replied.