Hi,
Just changed it to RSA, still have the same kind of errors:
2023-09-12T09:32:42.528685+02:00 mx1 postfix/smtpd[903460]: SSL_accept
error from o167.p8.mailjet.com[87.253.233.167]: -1
2023-09-12T09:32:42.528920+02:00 mx1 postfix/smtpd[903460]: warning: TLS
library problem: error:0A000412:SSL routines::sslv3 alert bad
certificate:../ssl/record/rec_layer_s3.c:1586:SSL alert number 42:
Best regards,
Camille
Le 12/09/2023 à 09:06, Geert Hendrickx a écrit :
On Mon, Sep 11, 2023 at 18:26:18 -0400, Bill Cole via mailop wrote:
That's an indication that the client does not like your certificate.
As for why, see
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
TL;DR: you need to fix the chain of trust for your certificate. You should
remove any reference to the 'DST Root CA X3' certificate. You may also need
to change how you maintain your certificate.
The reason is likely the certificate itself, not the chain; this server
offers (only) an ECC certificate, and while the vast majority of clients
are compatible with this today, some still only support RSA.
Whether you care about those clients is another question.
Geert
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
