1

Topic: SSL : certificate unknown

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.84
- Linux/BSD distribution name and version: debian 8 jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

I have search and try to fix for a week but I have no clue what happen with this error.

Postfix and dovecot error same error but just some ip. Which is mostly from mobile ip.
I have no client complain about any connect mail server problem.

So this is could be some kind hack.

Error: SSL: Stacked error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46

i have check command openssl all ok.
i have check login none of error.

But it have been since I have revoke and renew ssl.


Thank you

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: SSL : certificate unknown

*) Maybe the client still uses SSLv3 and you didn't it in Postfix/Dovecot?
*) Or, clients use weak ssl ciphers, but your Postfix/Dovecot force clients to use stronger ones?

3

Re: SSL : certificate unknown

I have about 20,000 line of error per day.
Do I need to worry?
Can I fix on our side?

Thank you

4

Re: SSL : certificate unknown

Did you get any (phone, email) support requests from your end users? If no, that means those were all spammers.

5 (edited by selea 2017-08-09 14:45:44)

Re: SSL : certificate unknown

jackavin wrote:

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.84
- Linux/BSD distribution name and version: debian 8 jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

I have search and try to fix for a week but I have no clue what happen with this error.

Postfix and dovecot error same error but just some ip. Which is mostly from mobile ip.
I have no client complain about any connect mail server problem.

So this is could be some kind hack.

Error: SSL: Stacked error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46

i have check command openssl all ok.
i have check login none of error.

But it have been since I have revoke and renew ssl.


Thank you

Are you using Let's Encrypt or a self signed certificate by any chance? The Gmail application in Android does not like LE.
Also, emailclients on android does also give that errormsg when the certificate itself has changed.

I had this "problem" last week after I changed my certificate, I had to change from "STARTTLS accept all certificates" to "STARTTLS" in the gmail app and Thunderbird on the clients. After that - the error dissappeared.