Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Remko Lodder
Alef, Certbot creates regular certificates that can be used by dovecot to get a “validated” connection to the mailserver. You obviously need to do the certbot walk to gain the certificate, but if you have it, you can use it for dovecot. Just refer to it in the configuration and you should be

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Larry Rosenman
Yes, yes, and yes. This is what I do for https://webmail.lerctr.org, imap.lerctr.org, smtp.lerctr.org, et al. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larry...@gmail.com US Mail: 5708 Sabbia Drive, Round Rock, TX

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Alef Veld
Cheers Remko and Ralph. I think there was some mention in the lets encrypt FAQ that certbot doesn't do email. But I understand I can use their generated very for dovecot, postfix and https? That would be good indeed. Anyone know of any manual, or can I just replace the certs in the dovecot and

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Alef Veld
Great, i’ll try that out. > On 9 Aug 2017, at 17:20, Larry Rosenman wrote: > > Yes, yes, and yes. > > This is what I do for https://webmail.lerctr.org, imap.lerctr.org, > smtp.lerctr.org, et al. > > > -- > Larry Rosenman http://www.lerctr.org/~ler >

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Alef Veld
Thanks Ralph, i’ll look into that. I think let’s encrypt uses certbot though and it can’t do email certificates (although i’m sure i can convert the cert i get from let’s encrypt, i’ll look into it. > On 9 Aug 2017, at 16:40, Ralph Seichter wrote: > > On

Re: Virtual mailboxes, index update issues

2017-08-09 Thread Stefan Hagen
Hello Teemu, * Teemu Huovila wrote: There are a few known issues in the virtual plugin for Dovecot 2.2.31. Some of these we will have fixed in 2.2.32. Your issue seems like a case of https://github.com/dovecot/core/commit/bc7d7e41fe00f76c38d1a5194c130c983487911b I've patched this PR into my

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Ralph Seichter
On 09.08.2017 17:49, Alef Veld wrote: > I think let’s encrypt uses certbot though and it can’t do email > certificates (although i’m sure i can convert the cert i get from > let’s encrypt, i’ll look into it. I'm not sure what you mean by "can’t do email certificates"? In any case, Let's Encrypt

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Ralph Seichter
On 09.08.2017 17:20, Alef Veld wrote: > So i’m using dovecot, and i created a self signed certificate with > mkcert.sh based on dovecot-openssl.cnf. The name in there matches my > mail server. > > The first time it connects in mac mail however, it says the certificate > is invalid and another

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Gregory Sloop
AV> So i’m using dovecot, and i created a self signed certificate AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server. AV> The first time it connects in mac mail however, it says the AV> certificate is invalid and another server might pretend to be me etc.

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Alef Veld
Thanks Greg, that makes total sense. Appreciate your reply. On 9 Aug 2017, at 16:39, Gregory Sloop > wrote: AV> So i’m using dovecot, and i created a self signed certificate AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Ralph Seichter
On 09.08.2017 18:18, Alef Veld wrote: > Anyone know of any manual, or can I just replace the certs in the > dovecot and postfix locations with theirs? Do dovecot, postfix and > apache all support .pem format? Google "dovecot letsencrypt" is your friend. ;-) If you have questions about details,

Re: is a self signed certificate always invalid the first time?

2017-08-09 Thread Alef Veld
Thank you Ralph. I’ll have a look around myself first, don’t want others to waste their time on my homework. Sorry for some reason i get replies from every individual , so when i reply it sends it to both. I would expect replies to come from dovecot@dovecot.org as well. I will strip the

is a self signed certificate always invalid the first time?

2017-08-09 Thread Alef Veld
So i’m using dovecot, and i created a self signed certificate with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server. The first time it connects in mac mail however, it says the certificate is invalid and another server might pretend to be me etc. I then have the