I just installed a new SSL Cert from Let’s Encrypt today using Axigen’s system to request it. I thought everything was working fine, but found that IMAP is having some issues. When I look at the log, I find:
IMAP Log
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: << SSL: client hello, remote 212.102.45.28:52384, version TLS 1.3 (0304)
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: << SSL: client hello, remote 212.102.45.28:52384, 15 cipher suites: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: << SSL: client hello, remote 212.102.45.28:52384, sni extension for domain.com
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: >> SSL: server hello, remote 212.102.45.28:52384, version TLS 1.2 (0303)
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: >> SSL: server hello, remote 212.102.45.28:52384, cipher suite c02f
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: >> SSL: server write cert, remote 212.102.45.28:52384, version TLS 1.2 (0303)
2020-10-15 21:22:58 -0600 16 Server IMAP:00000000: >> SSL: server write cert, remote 212.102.45.28:52384, certificate 1: serial xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2020-10-15 21:22:58 -0600 02 Server IMAP:00000000: SSL alert remote 212.102.45.28:52384, undefined:fatal:certificate unknown
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: << IXU6 NOOP
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: >> IXU6 OK NOOP completed [0 msec]
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075A: << DONE
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075A: >> IXK8 OK IDLE completed [0 msec]
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075A: << IXK9 NOOP
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075A: >> IXK9 OK NOOP completed [0 msec]
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: << IXU7 NOOP
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: >> IXU7 OK NOOP completed [0 msec]
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: << IXU8 NOOP
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: >> IXU8 OK NOOP completed [0 msec]
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: << IXU9 NOOP
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075C: >> IXU9 OK NOOP completed [0 msec]
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075A: << IXK10 IDLE
2020-10-15 21:23:32 -0600 16 Server IMAP:0000075A: >> + Expecting DONE
2020-10-15 21:23:33 -0600 02 Server IMAP:0000075C: SSL_read error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
I’ve restarted the IMAP service and confirmed that the new cert is correctly on each of the Listeners. Could there be a problem with the Android phone not liking the cert?
Notes:
- I did see another article here with a similar error, but it doesn’t look to be the same issue.
- My last cert was NOT Let’s Encrypt due to a different problem. I’m reading that they’ve been making updates to their cert chain, so it might be that.