SSL routines:ssl3_get_server_certificate:certificate verify failed

[cmonty14]

RainLoop version, browser, OS:

1.10.4.183

Expected behavior and actual behavior:

Cannot connect to mailserver IMAP and SMTP using SSL/TLS with standard ports 993 and 465 respectively.

Steps to reproduce the problem:

Domain - Administration - klick "test"

Logs or screenshots:

`[14:26:54.640][f67cd494] SMTP[NOTE]: Start connection to "ssl://mehl.biszumbitterenen.de:465"
[14:26:54.699][f67cd494] SMTP[NOTE]: Connected (unsuccess)
[14:26:54.699][f67cd494] SMTP[NOTICE]: Socket: [2] stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[14:26:54.699][f67cd494] SMTP[NOTICE]: exception 'MailSo\Net\Exceptions\SocketCanNotConnectToHostException' with message 'Can't connect to host "ssl://mehl.biszumbitterenen.de:465"' in /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/MailSo/Net/NetClient.php:292
Stack trace:
#0 /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/MailSo/Smtp/SmtpClient.php(168): MailSo\Net\NetClient->Connect('mehl.biszumbitt...', 465, 1, true, false)
#1 /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/RainLoop/Actions.php(4181): MailSo\Smtp\SmtpClient->Connect('mehl.biszumbitt...', 465, 'mehl.biszumbitt...', 1, true, false)
#2 [internal function]: RainLoop\Actions->DoAdminDomainTest()
#3 /var/www/mail/rainloop/rainloop/v/1.10.4.183/app/libraries/RainLoop/ServiceActions.php(172): call_user_func(Array)

`

There's no issue with other mail clients, e.g. Thunderbird using the same connection protocol / port.
Connecting with Roundcube is working, too.

Where is RainLoop looking for the SSL certificate?
In a specific directory of the webserver?
I have configured a reverse proxy (HAproxy) serving all SSL certificates.

THX

[sjorge]

I'm also hitting this error.

[Adrian-Voelker]

Me too. Any progress on this?

[zorino]

version 1.14.0 still seems to be affected by this problem with a Let's encrypt X3 certificate..

[Xelo]

Hey all,
just finished setting up a new mail server tomav/docker-mailserver container, and ran into an issue that TLS with Rainloop and Thunderbird didnt work.
I obtain my SSL via Caddy, but I had to disable old cipher in the postfix config.
This is how my postfix ciphers are looking now and everything is working fine with STARTTLS and SSL in Rainloop and Thunderbird.

smtpd_tls_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_ciphers = high

smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
tls_preempt_cipherlist = yes

hope this might help you.