Closed ngocnha closed 1 year ago
There are two things you can check:

openssl:

    openssl s_client -showcerts -connect mail.my-server.com:8686 </dev/null # Replace with the SMTP URL
    openssl s_client -showcerts -connect jmap.my-server.com:443 </dev/null # Replace with the JMAP URL

/usr/local/stalwart-smtp/etc/config.toml and look for the [certificate] section, it should look something like this:

    [certificate."default"]
    cert = "file:///usr/local/stalwart-smtp/etc/certs/tls.crt"
    private-key = "file:///usr/local/stalwart-smtp/etc/private/tls.key"

Then verify that cert and private-key are actually pointing to the Let's Encrypt certificate.
After following your suggestions, I realized that the certificate and path were correct. However, the certificate file I am using is a certificate chain that contains multiple certificates, including my certificate and the issuer certificates. JMAP management was able to read and work with the entire chain, but SMTP management only read the first certificate in the chain and failed.
I manually trusted the Let's Encrypt issuer certificate on my system, but the result did not change.
Ok Result:
    Certificate chain
     0 s:CN = mail.my-server.com
       i:C = US, O = Let's Encrypt, CN = R3
       a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
       v:NotBefore: Jan 16 16:50:26 2023 GMT; NotAfter: Apr 16 16:50:25 2023 GMT
    -----BEGIN CERTIFICATE-----
    MIIFJzCCBA+gAwIBAgISA12Hr5Z028LYQDjgH1Ja090BMA0GCSqGSIb3DQEBCwUA
    MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
    EwJSMzAeFw0yMzAxMTYxNjUwMjZaFw0yMzA0MTYxNjUwMjVaMBwxGjAYBgNVBAM
    ......
    ......
Bad Result
    Certificate chain
     0 s:CN = mail.my-server.com
       i:C = US, O = Let's Encrypt, CN = R3
       a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
       v:NotBefore: Jan 16 16:50:26 2023 GMT; NotAfter: Apr 16 16:50:25 2023 GMT
    -----BEGIN CERTIFICATE-----
    MIIFJzCCBA+gAwIBAgISA12Hr5Z028LYQDjgH1Ja090BMA0GCSqGSIb3DQEBCwUA
    MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
    EwJSMzAeFw0yMzAxMTYxNjUwMjZaFw0yMzA0MTYxNjUwMjVaMBwxGjAYBgNVBAMT
    ......
    ......
Fixed, this is latest result:
    Certificate chain
     0 s:CN = mail.my-server.com
       i:C = US, O = Let's Encrypt, CN = R3
       a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
       v:NotBefore: Jan 16 16:50:26 2023 GMT; NotAfter: Apr 16 16:50:25 2023 GMT
    -----BEGIN CERTIFICATE-----
    MIIFJzCCBA+gAwIBAgISA12Hr5Z028LYQDjgH1Ja090BMA0GCSqGSIb3DQEBCwUA
    MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
    EwJSMzAeFw0yMzAxMTYxNjUwMjZaFw0yMzA0MTYxNjUwMjVaMBwxGjAYBgNVBAMT
Thanks again for the fix. I'll publish v0.1.1 shortly.
Failed to send GET request: error sending request for url (https://mail.my-server.com:8686/report/list?): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer
I am using the same certificate obtained from Let's Encrypt and the same domain for both the JMAP server and SMTP, but while JMAP works perfectly, SMTP fails.
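
Added example, not part of the original thread or of the project's code: a Python check that reads the text printed by the `openssl s_client -showcerts` commands quoted in this thread and reports when a server presents only the leaf certificate, the condition that surfaced here as UnknownIssuer. The sample outputs are constructed, and treating a lone non-self-signed certificate as an incomplete chain is a heuristic assumption.

```python
import re
import sys

# One chain entry in `openssl s_client -showcerts` output:
#  " 0 s:<subject>" followed by "   i:<issuer>" on the next line.
ENTRY = re.compile(r"^[ \t]*(\d+) s:(.*)\n[ \t]*i:(.*)$", re.MULTILINE)

def parse_chain(output):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    return [(int(d), s.strip(), i.strip()) for d, s, i in ENTRY.findall(output)]

def check_chain(output):
    """Return a list of findings; an empty list means the chain looks complete."""
    chain = parse_chain(output)
    if not chain:
        return ["no certificate chain found in the output"]
    findings = []
    # Each certificate must be issued by the one that follows it.
    for (depth, _, issuer), (_, next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            findings.append(f"cert {depth}: issuer '{issuer}' is not the next subject")
    # Heuristic (assumption): a lone, non-self-signed leaf means the intermediate
    # was not sent, so clients that do not already have it fail with an unknown issuer.
    depth, subject, issuer = chain[0]
    if len(chain) == 1 and subject != issuer:
        findings.append(f"only the leaf was sent; missing intermediate '{issuer}'")
    return findings

# Constructed sample outputs (PEM bodies omitted), modelled on the thread's listing.
LEAF = (" 0 s:CN = mail.my-server.com\n"
        "   i:C = US, O = Let's Encrypt, CN = R3\n")
R3 = (" 1 s:C = US, O = Let's Encrypt, CN = R3\n"
      "   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1\n")
LEAF_ONLY = "Certificate chain\n" + LEAF
FULL_CHAIN = "Certificate chain\n" + LEAF + R3

if __name__ == "__main__":
    # Usage: openssl s_client -showcerts -connect HOST:PORT </dev/null | python3 this_file.py
    text = sys.stdin.read() if not sys.stdin.isatty() else LEAF_ONLY
    for line in check_chain(text) or ["chain looks complete"]:
        print(line)
```

Running it against both the SMTP and JMAP ports makes the difference between the two listeners visible without comparing PEM blocks by eye.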