(outlook) Security certificate cannot be verified
-
Hi All,
I'm experiencing issues with the cloudron emails certificates, and the ability to add emails to Outlook - mobile & PC. My cloudron certificates renew successfully, and when viewing the certificate everything looks to be setup correctly.
When adding the mailbox to Outlook (PC), I get a 'Internet Security Warning' (screenshot). If i select 'Yes' i'm able to add the mailbox as normal with no issues.
When adding the mailbox to Outlook (Mobile), I get a 'Log-in Error' and unable to proceed any further.
If more information is needed, please let me know - hopefully someone is able to assist.
-
Is this error only with Outlook or with other clients (say k9, thunderbird)? You can also try Services -> Email -> Restart. This copies over the latest certs to mail server.
You can also inspect the cert with
openssl s_client -connect my_imap_server:993 -showcerts -
J joseph marked this topic as a question on
-
Is this error only with Outlook or with other clients (say k9, thunderbird)? You can also try Services -> Email -> Restart. This copies over the latest certs to mail server.
You can also inspect the cert with
openssl s_client -connect my_imap_server:993 -showcertsHi @joseph
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
The email service has been restarted a few times, with no change in the alert.
When running the openssl s_client -connect my_imap_server:993 -showcerts command with my domain i get the below...
openssl s_client -connect my.promentum.info:993 -showcerts CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R10 verify return:1 depth=0 CN = my.promentum.info verify return:1 --- Certificate chain 0 s:CN = my.promentum.info i:C = US, O = Let's Encrypt, CN = R10 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Apr 24 06:12:01 2025 GMT; NotAfter: Jul 23 06:12:00 2025 GMT -----BEGIN CERTIFICATE----- MIIGIzCCBQugAwIBAgISBgI+vdmnnEoxarCbcXpIKAX2MA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTAwHhcNMjUwNDI0MDYxMjAxWhcNMjUwNzIzMDYxMjAwWjAcMRowGAYDVQQD ExFteS5wcm9tZW50dW0uaW5mbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBANgymu/CtP2SR16zNF+DDsW5ewth0orrQizuNnIA4+gBoviHM3PvYA+0u06P QCSZOppA9GPW9ZTkTtx7ZWLl+Lq+z35tZuwB+b1f65xXblSv72nNvxz91uQwibsM AV2lr5qqXs10I1sP6bb/ZfS2NZaencsAZQs/vCK4iQ58JV2jCLYitXvZ1j49Qn2d I6zcCO6+ooyy7AA1YDBYLN2RBNSjuPC/WyicFcPgoHrjTq/CjcxUe5VswDgrn6fs 4dj67+vP1+tFLkxKdE/3ch0gI6M1F1SQ5LZmpl+ffrZGFseHZLbS26dDI/d0ek4G eooUMoDOnfVpHAFdcGUkcwkPwd0Oz6BFFn/wg2LYAK3b79PTZNUriDn31PWVrmcQ zWjjrV0WkkRiLxXvwjgvUMahupeCGvJdiYqk81nCxD/XzSInMAsh6AGUtiabD/cY bYcRAW10ZonuFkF6n2ETcXPU2d7DAn1jr5VdU/6PXIB5wBPr6DhPURh+kur7l9jE 0XqUB455GZJS89gNeFPWVqeZrjLRn3ncr9XvA55tJGN0NGTsAFQzqylumBKYjUSO ry4qQWnN6fdCqLDppzkIM24Exg6zPYw2xnlY4V1ZhRno2qFAiwGi+B6z338vIDXi JCv5wZhO+W2VVW5iS4Tl0nJVYdPf/tQQEHAioNBinmqpA8T1AgMBAAGjggJGMIIC QjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCA/yV310ZIEBrxJl4mTEKNxQw04MB8G A1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI14cjoMFcGCCsGAQUFBwEBBEswSTAi BggrBgEFBQcwAYYWaHR0cDovL3IxMC5vLmxlbmNyLm9yZzAjBggrBgEFBQcwAoYX aHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wHAYDVR0RBBUwE4IRbXkucHJvbWVudHVt LmluZm8wEwYDVR0gBAwwCjAIBgZngQwBAgEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0 cDovL3IxMC5jLmxlbmNyLm9yZy8xMTkuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB 8gDwAHcApELFBklgYVSPD9TqnPt6LSZFTYepfy/fRVn2J086hFQAAAGWZqI/ogAA BAMASDBGAiEA3q1W2rs0s9hEz5CjC++l/irU5S8zg26g0cvM6TVgf6ECIQC78zTW Wa933xFGUdvw6kt9898XLVkNYAmEa/wmsE9OLAB1AA3h8jAr0w3BQGISCepVLvxH dHyx1+kw7w5CHrR+Tqo0AAABlmaiP6MAAAQDAEYwRAIgNmZhCRsQ0MU/AWc0eRmi nCwnmBq1/vUT5ZXzG6XZlAwCIA2xvRZepn493pQnjDaZs+l3c+5Gj7W9faNxgHEC dZQSMA0GCSqGSIb3DQEBCwUAA4IBAQCogapxmcXWwwbraRF0v7l9KFa4Kl4R05UW ZURy5QqWpjtOp3yqXrSpB3SJGasXnUo0LLieAEtHOR8O8+p0JoJKcHrAgStUBDvj jk0a8MR/A2aiw+aN3FK5HtN/6pBFz5Z7GUDf8EtH8JOSWaPtZisigVASQuUhkCWn wnvaZq3qT0jAGhfeTzdR3kq7DuY32PdYJSiwAgkrjzWuyT05hwAWoi6pMUukZPKv ERhyHKBYNClQcCAzlJx/KjDyvB0dlCGbhpqVtlwB0atF6DQW2MKUxWnjlPtRcNYc fxuGkCRT+tistk+ar3ueRDqrxKkldHNIFtPexCaDcS4ZGg2XsFiK -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R10 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT -----BEGIN CERTIFICATE----- MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a /6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4 FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3 DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/ AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5 tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9 1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0 GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh 1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N 4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54= -----END CERTIFICATE----- --- Server certificate subject=CN = my.promentum.info issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3685 bytes and written 399 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4BD471C720F74F914D6FD783B8289F6CA08BA52BFAF89D2D46B8D89F992845D7 Session-ID-ctx: Resumption PSK: 1B942C5384C631FA71F4D00D41838CCC0F1A02A91563D3085A555F10BDBBCB8B049495AC765610B1B711BD5728F188BA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - ea ff f1 f0 17 1e 74 0c-79 48 a3 6b b3 2d 2e 69 ......t.yH.k.-.i 0020 - fb 3f 92 1a 2c 81 74 10-17 11 70 32 74 99 35 12 .?..,.t...p2t.5. 0030 - 01 b0 78 e2 c3 3a 9d ed-3a bc 7b 2c dc 89 be 81 ..x..:..:.{,.... 0040 - c5 0c 3b 63 bb 9c e1 b9-54 5c b4 94 4b 97 c5 77 ..;c....T\..K..w 0050 - 82 85 7d 42 1b d3 10 6c-e9 01 30 95 13 2e de 5c ..}B...l..0....\ 0060 - 6f 05 dc 5f 45 11 51 d0-01 08 78 c7 71 76 09 f6 o.._E.Q...x.qv.. 0070 - ec df b6 86 2e fb 13 b2-bf 68 a8 33 80 72 4d b2 .........h.3.rM. 0080 - 0b b6 ab f2 f2 30 8b 64-f3 bf 60 18 bb cb 6d 2e .....0.d..`...m. 0090 - e7 6a 8e a0 d4 06 2d 28-8a ef e4 43 ff bd ca d9 .j....-(...C.... 00a0 - ca 8c 87 e2 97 c5 e2 c8-90 ac 16 e9 ff f5 63 31 ..............c1 00b0 - 08 87 d3 76 c8 a7 f8 3e-a4 6f 95 17 bc 36 a6 a1 ...v...>.o...6.. 00c0 - 37 53 8b da ba 50 35 ad-50 3d 34 b6 77 9c cd 3b 7S...P5.P=4.w..; 00d0 - 36 02 5c 48 93 dd ba 45-bb 2d ce b6 63 59 b6 58 6.\H...E.-..cY.X Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 85CF897B8F0BB087A3ADDD697F374EF68FB6A7E0B5CD8A6ABA6D0D71B882B7DF Session-ID-ctx: Resumption PSK: AE9A476653A062F858587ED044F35B7A574AF3DFEAE1665F4025F62FE3FB4F76A66F501F212FFC0534D90E6BDF6A5BFB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - 75 9a 28 8b 45 5b d4 c8-b7 a6 48 e7 6a ab a2 ec u.(.E[....H.j... 0020 - 7f b1 83 33 3e d1 db 4b-db 68 ec 05 58 6e 29 c7 ...3>..K.h..Xn). 0030 - 98 6c a5 50 61 2a d9 10-89 bd 8a d5 99 a6 77 f6 .l.Pa*........w. 0040 - dd 59 b0 0f 51 70 75 bf-54 2c 46 86 71 d3 63 cb .Y..Qpu.T,F.q.c. 0050 - 93 22 f8 0f b9 73 1b 98-12 45 3b 1a 3b 0c f7 93 ."...s...E;.;... 0060 - f2 b3 b5 74 11 90 0b 6d-c9 ec 0c cc 8e 8e 24 a5 ...t...m......$. 0070 - 14 61 a8 d1 39 99 14 23-2e 7f 23 c5 61 b0 07 f9 .a..9..#..#.a... 0080 - a4 31 22 a3 1d 2f 78 51-f4 54 19 8c 4f 82 73 e7 .1"../xQ.T..O.s. 0090 - 0b f0 18 fe 55 6f e5 de-ea 49 b5 95 b2 17 d9 d4 ....Uo...I...... 00a0 - 9f a1 0f 18 5f 45 42 32-72 43 42 e6 bb 6e d3 d4 ...._EB2rCB..n.. 00b0 - bb 77 5a 0a 9f 0b 03 a1-06 7a 9e 95 3e da 8a 90 .wZ......z..>... 00c0 - 5a 53 a0 9b 1f 0c 8d 4e-99 25 ed 87 64 28 81 f4 ZS.....N.%..d(.. 00d0 - af 83 b8 2b cd a5 8d 87-99 56 f3 43 e2 87 52 32 ...+.....V.C..R2 Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Ubuntu) ready. -
If the above from @joseph does not resolve the issue already, please press the
View Certificatebutton and share the output of it. -
Hi @joseph
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
The email service has been restarted a few times, with no change in the alert.
When running the openssl s_client -connect my_imap_server:993 -showcerts command with my domain i get the below...
openssl s_client -connect my.promentum.info:993 -showcerts CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R10 verify return:1 depth=0 CN = my.promentum.info verify return:1 --- Certificate chain 0 s:CN = my.promentum.info i:C = US, O = Let's Encrypt, CN = R10 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Apr 24 06:12:01 2025 GMT; NotAfter: Jul 23 06:12:00 2025 GMT -----BEGIN CERTIFICATE----- MIIGIzCCBQugAwIBAgISBgI+vdmnnEoxarCbcXpIKAX2MA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTAwHhcNMjUwNDI0MDYxMjAxWhcNMjUwNzIzMDYxMjAwWjAcMRowGAYDVQQD ExFteS5wcm9tZW50dW0uaW5mbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBANgymu/CtP2SR16zNF+DDsW5ewth0orrQizuNnIA4+gBoviHM3PvYA+0u06P QCSZOppA9GPW9ZTkTtx7ZWLl+Lq+z35tZuwB+b1f65xXblSv72nNvxz91uQwibsM AV2lr5qqXs10I1sP6bb/ZfS2NZaencsAZQs/vCK4iQ58JV2jCLYitXvZ1j49Qn2d I6zcCO6+ooyy7AA1YDBYLN2RBNSjuPC/WyicFcPgoHrjTq/CjcxUe5VswDgrn6fs 4dj67+vP1+tFLkxKdE/3ch0gI6M1F1SQ5LZmpl+ffrZGFseHZLbS26dDI/d0ek4G eooUMoDOnfVpHAFdcGUkcwkPwd0Oz6BFFn/wg2LYAK3b79PTZNUriDn31PWVrmcQ zWjjrV0WkkRiLxXvwjgvUMahupeCGvJdiYqk81nCxD/XzSInMAsh6AGUtiabD/cY bYcRAW10ZonuFkF6n2ETcXPU2d7DAn1jr5VdU/6PXIB5wBPr6DhPURh+kur7l9jE 0XqUB455GZJS89gNeFPWVqeZrjLRn3ncr9XvA55tJGN0NGTsAFQzqylumBKYjUSO ry4qQWnN6fdCqLDppzkIM24Exg6zPYw2xnlY4V1ZhRno2qFAiwGi+B6z338vIDXi JCv5wZhO+W2VVW5iS4Tl0nJVYdPf/tQQEHAioNBinmqpA8T1AgMBAAGjggJGMIIC QjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCA/yV310ZIEBrxJl4mTEKNxQw04MB8G A1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI14cjoMFcGCCsGAQUFBwEBBEswSTAi BggrBgEFBQcwAYYWaHR0cDovL3IxMC5vLmxlbmNyLm9yZzAjBggrBgEFBQcwAoYX aHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wHAYDVR0RBBUwE4IRbXkucHJvbWVudHVt LmluZm8wEwYDVR0gBAwwCjAIBgZngQwBAgEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0 cDovL3IxMC5jLmxlbmNyLm9yZy8xMTkuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB 8gDwAHcApELFBklgYVSPD9TqnPt6LSZFTYepfy/fRVn2J086hFQAAAGWZqI/ogAA BAMASDBGAiEA3q1W2rs0s9hEz5CjC++l/irU5S8zg26g0cvM6TVgf6ECIQC78zTW Wa933xFGUdvw6kt9898XLVkNYAmEa/wmsE9OLAB1AA3h8jAr0w3BQGISCepVLvxH dHyx1+kw7w5CHrR+Tqo0AAABlmaiP6MAAAQDAEYwRAIgNmZhCRsQ0MU/AWc0eRmi nCwnmBq1/vUT5ZXzG6XZlAwCIA2xvRZepn493pQnjDaZs+l3c+5Gj7W9faNxgHEC dZQSMA0GCSqGSIb3DQEBCwUAA4IBAQCogapxmcXWwwbraRF0v7l9KFa4Kl4R05UW ZURy5QqWpjtOp3yqXrSpB3SJGasXnUo0LLieAEtHOR8O8+p0JoJKcHrAgStUBDvj jk0a8MR/A2aiw+aN3FK5HtN/6pBFz5Z7GUDf8EtH8JOSWaPtZisigVASQuUhkCWn wnvaZq3qT0jAGhfeTzdR3kq7DuY32PdYJSiwAgkrjzWuyT05hwAWoi6pMUukZPKv ERhyHKBYNClQcCAzlJx/KjDyvB0dlCGbhpqVtlwB0atF6DQW2MKUxWnjlPtRcNYc fxuGkCRT+tistk+ar3ueRDqrxKkldHNIFtPexCaDcS4ZGg2XsFiK -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R10 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT -----BEGIN CERTIFICATE----- MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a /6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4 FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3 DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/ AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5 tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9 1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0 GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh 1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N 4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54= -----END CERTIFICATE----- --- Server certificate subject=CN = my.promentum.info issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3685 bytes and written 399 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4BD471C720F74F914D6FD783B8289F6CA08BA52BFAF89D2D46B8D89F992845D7 Session-ID-ctx: Resumption PSK: 1B942C5384C631FA71F4D00D41838CCC0F1A02A91563D3085A555F10BDBBCB8B049495AC765610B1B711BD5728F188BA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - ea ff f1 f0 17 1e 74 0c-79 48 a3 6b b3 2d 2e 69 ......t.yH.k.-.i 0020 - fb 3f 92 1a 2c 81 74 10-17 11 70 32 74 99 35 12 .?..,.t...p2t.5. 0030 - 01 b0 78 e2 c3 3a 9d ed-3a bc 7b 2c dc 89 be 81 ..x..:..:.{,.... 0040 - c5 0c 3b 63 bb 9c e1 b9-54 5c b4 94 4b 97 c5 77 ..;c....T\..K..w 0050 - 82 85 7d 42 1b d3 10 6c-e9 01 30 95 13 2e de 5c ..}B...l..0....\ 0060 - 6f 05 dc 5f 45 11 51 d0-01 08 78 c7 71 76 09 f6 o.._E.Q...x.qv.. 0070 - ec df b6 86 2e fb 13 b2-bf 68 a8 33 80 72 4d b2 .........h.3.rM. 0080 - 0b b6 ab f2 f2 30 8b 64-f3 bf 60 18 bb cb 6d 2e .....0.d..`...m. 0090 - e7 6a 8e a0 d4 06 2d 28-8a ef e4 43 ff bd ca d9 .j....-(...C.... 00a0 - ca 8c 87 e2 97 c5 e2 c8-90 ac 16 e9 ff f5 63 31 ..............c1 00b0 - 08 87 d3 76 c8 a7 f8 3e-a4 6f 95 17 bc 36 a6 a1 ...v...>.o...6.. 00c0 - 37 53 8b da ba 50 35 ad-50 3d 34 b6 77 9c cd 3b 7S...P5.P=4.w..; 00d0 - 36 02 5c 48 93 dd ba 45-bb 2d ce b6 63 59 b6 58 6.\H...E.-..cY.X Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 85CF897B8F0BB087A3ADDD697F374EF68FB6A7E0B5CD8A6ABA6D0D71B882B7DF Session-ID-ctx: Resumption PSK: AE9A476653A062F858587ED044F35B7A574AF3DFEAE1665F4025F62FE3FB4F76A66F501F212FFC0534D90E6BDF6A5BFB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - 75 9a 28 8b 45 5b d4 c8-b7 a6 48 e7 6a ab a2 ec u.(.E[....H.j... 0020 - 7f b1 83 33 3e d1 db 4b-db 68 ec 05 58 6e 29 c7 ...3>..K.h..Xn). 0030 - 98 6c a5 50 61 2a d9 10-89 bd 8a d5 99 a6 77 f6 .l.Pa*........w. 0040 - dd 59 b0 0f 51 70 75 bf-54 2c 46 86 71 d3 63 cb .Y..Qpu.T,F.q.c. 0050 - 93 22 f8 0f b9 73 1b 98-12 45 3b 1a 3b 0c f7 93 ."...s...E;.;... 0060 - f2 b3 b5 74 11 90 0b 6d-c9 ec 0c cc 8e 8e 24 a5 ...t...m......$. 0070 - 14 61 a8 d1 39 99 14 23-2e 7f 23 c5 61 b0 07 f9 .a..9..#..#.a... 0080 - a4 31 22 a3 1d 2f 78 51-f4 54 19 8c 4f 82 73 e7 .1"../xQ.T..O.s. 0090 - 0b f0 18 fe 55 6f e5 de-ea 49 b5 95 b2 17 d9 d4 ....Uo...I...... 00a0 - 9f a1 0f 18 5f 45 42 32-72 43 42 e6 bb 6e d3 d4 ...._EB2rCB..n.. 00b0 - bb 77 5a 0a 9f 0b 03 a1-06 7a 9e 95 3e da 8a 90 .wZ......z..>... 00c0 - 5a 53 a0 9b 1f 0c 8d 4e-99 25 ed 87 64 28 81 f4 ZS.....N.%..d(.. 00d0 - af 83 b8 2b cd a5 8d 87-99 56 f3 43 e2 87 52 32 ...+.....V.C..R2 Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Ubuntu) ready.@PMConor said in Security certificate cannot be verified:
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
the certs look correct and valid . So, it's some outlook client issue . I don't have a Windows PC to test but by mobile do you mean Android app ?
-
@PMConor said in Security certificate cannot be verified:
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
the certs look correct and valid . So, it's some outlook client issue . I don't have a Windows PC to test but by mobile do you mean Android app ?
-
could it be that outlook wants to connect to something like
imap.promentum.infoand not themysubdomain? -
P PMConor has marked this topic as solved on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login