Sam Varshavchik writes:
Mark Constable writes:

> I finally have a 0.76.0 Ubuntu install to test and trying to get this to work...
>
>> - courier, courier-imap: add support for TLS SNI when Courier is built with OpenSSL.
>
> I've added this vhost settings but no sign the LetsEncrypt certificate is being delivered to Thunderbird.
>
> ~ ls -1 /etc/courier/*renta.net
> defaultdomain.ded1649.renta.net
> dsnfrom.ded1649.renta.net
> esmtpd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
> imapd.pem.ded1649.renta.net -> ../ssl/ded1649.renta.net/mailserver.pem
> vhost.ded1649.renta.net
>
> ../ssl/ded1649.renta.net/mailserver.pem does exist and the default one for the canonical host does work okay. Is there some other settings I am missing?

No, there are no other settings, presuming TLS_CERTFILE in imapd-ssl points to imapd.pem, and Thunderbird is configured with the given hostname.

A debugging tip. Find the pid that's listening on localhost, then run strace on it. In my case it's pid 15018.

# strace -s 256 -f -o z -p 15018

Then, use couriertls like this:

TLS_TRUSTCERTS=/etc/pki/tls/cert.pem TLS_VERIFYPEER=none couriertls \
    -host=localhost -port=143 -protocol=imap -verify=localhost

Fedora installs all trusted certs in /etc/pki/tls/cert.pem; use the equivalent for Debian, Ubuntu, etc…

The connection attempt will fail to verify the "localhost" certificate, of course. That's fine. Then:

# grep imapd.pem z
2734 access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1 ENOENT (No such file or directory)
2734 access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
2734 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10

That shows that the server process tried to open imapd.pem.localhost, first. There's a harmless debugging message there, that slipped by me, that I'll need to remove.
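
A helper for reading the strace output from the debugging tip above, added here as an example; it is not part of the original message or of Courier. It lists every lookup of the certificate file and its per-hostname variants and reports whether the hostname-specific file was used, generalising the ENOENT case shown above to other errno values. The function names and the temporary sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise certificate-file lookups recorded by "strace -f -o FILE".

# cert_lookups TRACE BASENAME
# Prints "pid syscall path status" for every access/open/openat on BASENAME or
# BASENAME.<anything>; status is "ok" or the errno name (ENOENT, EACCES, ...).
cert_lookups() {
    awk -v base="$2" '
    $2 ~ /^(access|open|openat)\(/ {
        if (!match($0, /"[^"]*"/)) next              # first quoted string is the path
        path = substr($0, RSTART + 1, RLENGTH - 2)
        n = split(path, parts, "/"); file = parts[n]
        if (file != base && index(file, base ".") != 1) next
        call = $2; sub(/\(.*/, "", call)
        res = $0; sub(/.* = /, "", res)              # text after the last " = "
        split(res, r, " ")
        print $1, call, path, (r[1] == "-1" ? r[2] : "ok")
    }' "$1"
}

# sni_verdict TRACE BASENAME HOSTNAME
# "sni-cert"          BASENAME.HOSTNAME was found and used
# "fallback:<errno>"  the lookup failed, so the default certificate is served
# "not-tried"         no lookup for BASENAME.HOSTNAME appears in the trace
sni_verdict() {
    cert_lookups "$1" "$2" | awk -v want="$2.$3" '
    { n = split($3, p, "/"); f = p[n] }
    f == want && $4 == "ok" { used = 1 }
    f == want && $4 != "ok" { why = $4 }
    END {
        if (used) print "sni-cert"
        else if (why != "") print "fallback:" why
        else print "not-tried"
    }'
}

# Sample trace: the three lines quoted in the message above.
trace=$(mktemp)
cat > "$trace" <<'EOF'
2734 access("/usr/lib/courier-imap/share/imapd.pem.localhost", R_OK) = -1 ENOENT (No such file or directory)
2734 access("/usr/lib/courier-imap/share/imapd.pem", R_OK) = 0
2734 open("/usr/lib/courier-imap/share/imapd.pem", O_RDONLY) = 10
EOF
cert_lookups "$trace" imapd.pem
sni_verdict "$trace" imapd.pem localhost
```

A verdict of fallback:EACCES instead of fallback:ENOENT means the per-hostname file exists but the server process cannot read it, which is worth checking when the file is a symlink into another directory.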