RainLoop / rainloop-webmail

Simple, modern & fast web-based email client
http://rainloop.net
MIT License
4.1k stars 881 forks

SSL routines:ssl3_get_server_certificate:certificate verify failed #1220

Open cmonty14 opened 7 years ago

cmonty14 commented 7 years ago

RainLoop version, browser, OS:

1.10.4.183

Expected behavior and actual behavior:

Cannot connect to mailserver IMAP and SMTP using SSL/TLS with standard ports 993 and 465 respectively.

Steps to reproduce the problem:

Domain - Administration - click "test"

Logs or screenshots:

```
[14:26:54.640][f67cd494] SMTP[NOTE]: Start connection to "ssl://mehl.biszumbitterenen.de:465"
[14:26:54.699][f67cd494] SMTP[NOTICE]: Socket: [2] stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[14:26:54.699][f67cd494] SMTP[NOTICE]: exception 'MailSo\Net\Exceptions\SocketCanNotConnectToHostException' with message 'Can't connect to host "ssl://mehl.biszumbitterenen.de:465"' in /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/MailSo/Net/NetClient.php:292
Stack trace:
0 /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/MailSo/Smtp/SmtpClient.php(168): MailSo\Net\NetClient->Connect('mehl.biszumbitt...', 465, 1, true, false)
1 /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/RainLoop/Actions.php(4181): MailSo\Smtp\SmtpClient->Connect('mehl.biszumbitt...', 465, 'mehl.biszumbitt...', 1, true, false)
2 [internal function]: RainLoop\Actions->DoAdminDomainTest()
3 /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/RainLoop/ServiceActions.php(172): call_user_func(Array)
```

There's no issue with other mail clients, e.g. Thunderbird using the same connection protocol / port. Connecting with Roundcube is working, too.

Where is RainLoop looking for the SSL certificate? In a specific directory of the webserver? I have configured a reverse proxy (HAproxy) serving all SSL certificates.

THX

sjorge commented 6 years ago

I'm also hitting this error.

Adrian-Voelker commented 4 years ago

Me too. Any progress on this?

zorino commented 4 years ago

Version 1.14.0 still seems to be affected by this problem with a Let's Encrypt X3 certificate.

Xelo commented 4 years ago

Hey all, just finished setting up a new mail server tomav/docker-mailserver container, and ran into an issue that TLS with Rainloop and Thunderbird didn't work. I obtain my SSL via Caddy, but I had to disable old cipher in the postfix config. This is how my postfix ciphers are looking now and everything is working fine with STARTTLS and SSL in Rainloop and Thunderbird.

```
smtpd_tls_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_ciphers = high

smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
tls_preempt_cipherlist = yes
```

Hope this might help you.
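An added triage example, not RainLoop's code and not from any commenter: it scans log lines in the format quoted in the opening post, ties each OpenSSL error to its connection target by session id, and unpacks the `14090086` code. The function names and the second host (`mail.example.test`) are constructed for illustration, and the bit layout assumed is the OpenSSL 1.0.x/1.1.x one (8-bit library, 12-bit function, 12-bit reason); OpenSSL 3 packs codes differently.

```python
import re

# Constructed sample: the first two lines are taken from the log in the issue,
# the third is made up to show a session without an error.
SAMPLE_LOG = '''\
[14:26:54.640][f67cd494] SMTP[NOTE]: Start connection to "ssl://mehl.biszumbitterenen.de:465"
[14:26:54.699][f67cd494] SMTP[NOTICE]: Socket: [2] stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[14:27:10.101][0a1b2c3d] IMAP[NOTE]: Start connection to "ssl://mail.example.test:993"
'''

LINE = re.compile(r'^\[(?P<time>[\d:.]+)\]\[(?P<sid>[0-9a-f]+)\] '
                  r'(?P<proto>\w+)\[(?P<level>\w+)\]: (?P<msg>.*)$')
TARGET = re.compile(r'Start connection to "(?P<scheme>\w+)://(?P<host>[^":]+):(?P<port>\d+)"')
OSSL = re.compile(r'error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.+?)\s*$')

def unpack_error(code_hex):
    """Split a packed OpenSSL 1.x error code into (lib, func, reason) numbers."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def tls_failures(log_text):
    """Return one record per OpenSSL error, joined to its target by session id."""
    targets, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace lines and other continuation text
        key = (m['sid'], m['proto'])
        t = TARGET.search(m['msg'])
        if t:
            targets[key] = (t['scheme'], t['host'], int(t['port']))
            continue
        err = OSSL.search(m['msg'])
        if err:
            lib, func, reason = unpack_error(err['code'])
            findings.append({
                'time': m['time'], 'session': m['sid'], 'protocol': m['proto'],
                'target': targets.get(key),
                'lib': lib, 'func': func, 'reason': reason,
                'reason_text': err['reason'],
                # True means the client rejected the server's certificate chain.
                'verify_failed': err['reason'] == 'certificate verify failed',
            })
    return findings

if __name__ == '__main__':
    for finding in tls_failures(SAMPLE_LOG):
        print(finding)
```

A `verify_failed` record means the failure happened in certificate validation on the PHP side, after the protocol and cipher had already been negotiated.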