smtp with certificate validation

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

smtp with certificate validation

Nuno Dias
 Hi,

 In the smtp that I use in roundcubemail I have a self sign certificate
and use the port 587 to send authenticated mail, my configuration in
roundcubemail is

$config['smtp_server'] = 'tls://mysmtp.hostname';
$config['smtp_port'] = 587;

$config['smtp_conn_options'] = array(
      'ssl'         => array(
      'verify_peer'  => true,
      'verify_peer_name' => false,
      'verify_depth' => 5,
      'cafile'       => '/etc/pki/dovecot/certs/mycert',
   ),
);


 And this works, but I'm trying to change my self signed certificate to
 letsencrypt, I changed in my smtp to the new certificate and works
(tested with a desktop client mail).

 In my roundcubemail I change the cafile to this

 'cafile'       => '/etc/letsencrypt/live/mysmtp.hostname/chain.pem',

 But doesn't work, when I try to send mail I have this error in logs

ERROR: STARTTLS failed ()
ERROR: Invalid response code received from server (-1)
ERROR: Invalid response code received from server (-1)
SMTP Error: Authentication failure: STARTTLS failed (Code: ) in
/usr/share/roundcubemail/program/lib/Roundcube/rcube.php on line 1673
(POST
/?_task=mail&_unlock=loading1529146163891&_lang=en&_framed=1&_action=se
nd)

 The only way that works is to disable verify_peer, is anyone using
letsencrypt like this and has the same problem?

Thanks,
Nuno
--
Nuno Dias <[hidden email]>
LIP
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users