(outlook) Security certificate cannot be verified
-
Hi All,
I'm experiencing issues with the cloudron emails certificates, and the ability to add emails to Outlook - mobile & PC. My cloudron certificates renew successfully, and when viewing the certificate everything looks to be setup correctly.
When adding the mailbox to Outlook (PC), I get a 'Internet Security Warning' (screenshot). If i select 'Yes' i'm able to add the mailbox as normal with no issues.
When adding the mailbox to Outlook (Mobile), I get a 'Log-in Error' and unable to proceed any further.
If more information is needed, please let me know - hopefully someone is able to assist.
-
Is this error only with Outlook or with other clients (say k9, thunderbird)? You can also try Services -> Email -> Restart. This copies over the latest certs to mail server.
You can also inspect the cert with
openssl s_client -connect my_imap_server:993 -showcerts -
J joseph marked this topic as a question
-
Is this error only with Outlook or with other clients (say k9, thunderbird)? You can also try Services -> Email -> Restart. This copies over the latest certs to mail server.
You can also inspect the cert with
openssl s_client -connect my_imap_server:993 -showcertsHi @joseph
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
The email service has been restarted a few times, with no change in the alert.
When running the openssl s_client -connect my_imap_server:993 -showcerts command with my domain i get the below...
openssl s_client -connect my.promentum.info:993 -showcerts CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R10 verify return:1 depth=0 CN = my.promentum.info verify return:1 --- Certificate chain 0 s:CN = my.promentum.info i:C = US, O = Let's Encrypt, CN = R10 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Apr 24 06:12:01 2025 GMT; NotAfter: Jul 23 06:12:00 2025 GMT -----BEGIN CERTIFICATE----- MIIGIzCCBQugAwIBAgISBgI+vdmnnEoxarCbcXpIKAX2MA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTAwHhcNMjUwNDI0MDYxMjAxWhcNMjUwNzIzMDYxMjAwWjAcMRowGAYDVQQD ExFteS5wcm9tZW50dW0uaW5mbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBANgymu/CtP2SR16zNF+DDsW5ewth0orrQizuNnIA4+gBoviHM3PvYA+0u06P QCSZOppA9GPW9ZTkTtx7ZWLl+Lq+z35tZuwB+b1f65xXblSv72nNvxz91uQwibsM AV2lr5qqXs10I1sP6bb/ZfS2NZaencsAZQs/vCK4iQ58JV2jCLYitXvZ1j49Qn2d I6zcCO6+ooyy7AA1YDBYLN2RBNSjuPC/WyicFcPgoHrjTq/CjcxUe5VswDgrn6fs 4dj67+vP1+tFLkxKdE/3ch0gI6M1F1SQ5LZmpl+ffrZGFseHZLbS26dDI/d0ek4G eooUMoDOnfVpHAFdcGUkcwkPwd0Oz6BFFn/wg2LYAK3b79PTZNUriDn31PWVrmcQ zWjjrV0WkkRiLxXvwjgvUMahupeCGvJdiYqk81nCxD/XzSInMAsh6AGUtiabD/cY bYcRAW10ZonuFkF6n2ETcXPU2d7DAn1jr5VdU/6PXIB5wBPr6DhPURh+kur7l9jE 0XqUB455GZJS89gNeFPWVqeZrjLRn3ncr9XvA55tJGN0NGTsAFQzqylumBKYjUSO ry4qQWnN6fdCqLDppzkIM24Exg6zPYw2xnlY4V1ZhRno2qFAiwGi+B6z338vIDXi JCv5wZhO+W2VVW5iS4Tl0nJVYdPf/tQQEHAioNBinmqpA8T1AgMBAAGjggJGMIIC QjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCA/yV310ZIEBrxJl4mTEKNxQw04MB8G A1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI14cjoMFcGCCsGAQUFBwEBBEswSTAi BggrBgEFBQcwAYYWaHR0cDovL3IxMC5vLmxlbmNyLm9yZzAjBggrBgEFBQcwAoYX aHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wHAYDVR0RBBUwE4IRbXkucHJvbWVudHVt LmluZm8wEwYDVR0gBAwwCjAIBgZngQwBAgEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0 cDovL3IxMC5jLmxlbmNyLm9yZy8xMTkuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB 8gDwAHcApELFBklgYVSPD9TqnPt6LSZFTYepfy/fRVn2J086hFQAAAGWZqI/ogAA BAMASDBGAiEA3q1W2rs0s9hEz5CjC++l/irU5S8zg26g0cvM6TVgf6ECIQC78zTW Wa933xFGUdvw6kt9898XLVkNYAmEa/wmsE9OLAB1AA3h8jAr0w3BQGISCepVLvxH dHyx1+kw7w5CHrR+Tqo0AAABlmaiP6MAAAQDAEYwRAIgNmZhCRsQ0MU/AWc0eRmi nCwnmBq1/vUT5ZXzG6XZlAwCIA2xvRZepn493pQnjDaZs+l3c+5Gj7W9faNxgHEC dZQSMA0GCSqGSIb3DQEBCwUAA4IBAQCogapxmcXWwwbraRF0v7l9KFa4Kl4R05UW ZURy5QqWpjtOp3yqXrSpB3SJGasXnUo0LLieAEtHOR8O8+p0JoJKcHrAgStUBDvj jk0a8MR/A2aiw+aN3FK5HtN/6pBFz5Z7GUDf8EtH8JOSWaPtZisigVASQuUhkCWn wnvaZq3qT0jAGhfeTzdR3kq7DuY32PdYJSiwAgkrjzWuyT05hwAWoi6pMUukZPKv ERhyHKBYNClQcCAzlJx/KjDyvB0dlCGbhpqVtlwB0atF6DQW2MKUxWnjlPtRcNYc fxuGkCRT+tistk+ar3ueRDqrxKkldHNIFtPexCaDcS4ZGg2XsFiK -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R10 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT -----BEGIN CERTIFICATE----- MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a /6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4 FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3 DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/ AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5 tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9 1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0 GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh 1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N 4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54= -----END CERTIFICATE----- --- Server certificate subject=CN = my.promentum.info issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3685 bytes and written 399 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4BD471C720F74F914D6FD783B8289F6CA08BA52BFAF89D2D46B8D89F992845D7 Session-ID-ctx: Resumption PSK: 1B942C5384C631FA71F4D00D41838CCC0F1A02A91563D3085A555F10BDBBCB8B049495AC765610B1B711BD5728F188BA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - ea ff f1 f0 17 1e 74 0c-79 48 a3 6b b3 2d 2e 69 ......t.yH.k.-.i 0020 - fb 3f 92 1a 2c 81 74 10-17 11 70 32 74 99 35 12 .?..,.t...p2t.5. 0030 - 01 b0 78 e2 c3 3a 9d ed-3a bc 7b 2c dc 89 be 81 ..x..:..:.{,.... 0040 - c5 0c 3b 63 bb 9c e1 b9-54 5c b4 94 4b 97 c5 77 ..;c....T\..K..w 0050 - 82 85 7d 42 1b d3 10 6c-e9 01 30 95 13 2e de 5c ..}B...l..0....\ 0060 - 6f 05 dc 5f 45 11 51 d0-01 08 78 c7 71 76 09 f6 o.._E.Q...x.qv.. 0070 - ec df b6 86 2e fb 13 b2-bf 68 a8 33 80 72 4d b2 .........h.3.rM. 0080 - 0b b6 ab f2 f2 30 8b 64-f3 bf 60 18 bb cb 6d 2e .....0.d..`...m. 0090 - e7 6a 8e a0 d4 06 2d 28-8a ef e4 43 ff bd ca d9 .j....-(...C.... 00a0 - ca 8c 87 e2 97 c5 e2 c8-90 ac 16 e9 ff f5 63 31 ..............c1 00b0 - 08 87 d3 76 c8 a7 f8 3e-a4 6f 95 17 bc 36 a6 a1 ...v...>.o...6.. 00c0 - 37 53 8b da ba 50 35 ad-50 3d 34 b6 77 9c cd 3b 7S...P5.P=4.w..; 00d0 - 36 02 5c 48 93 dd ba 45-bb 2d ce b6 63 59 b6 58 6.\H...E.-..cY.X Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 85CF897B8F0BB087A3ADDD697F374EF68FB6A7E0B5CD8A6ABA6D0D71B882B7DF Session-ID-ctx: Resumption PSK: AE9A476653A062F858587ED044F35B7A574AF3DFEAE1665F4025F62FE3FB4F76A66F501F212FFC0534D90E6BDF6A5BFB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - 75 9a 28 8b 45 5b d4 c8-b7 a6 48 e7 6a ab a2 ec u.(.E[....H.j... 0020 - 7f b1 83 33 3e d1 db 4b-db 68 ec 05 58 6e 29 c7 ...3>..K.h..Xn). 0030 - 98 6c a5 50 61 2a d9 10-89 bd 8a d5 99 a6 77 f6 .l.Pa*........w. 0040 - dd 59 b0 0f 51 70 75 bf-54 2c 46 86 71 d3 63 cb .Y..Qpu.T,F.q.c. 0050 - 93 22 f8 0f b9 73 1b 98-12 45 3b 1a 3b 0c f7 93 ."...s...E;.;... 0060 - f2 b3 b5 74 11 90 0b 6d-c9 ec 0c cc 8e 8e 24 a5 ...t...m......$. 0070 - 14 61 a8 d1 39 99 14 23-2e 7f 23 c5 61 b0 07 f9 .a..9..#..#.a... 0080 - a4 31 22 a3 1d 2f 78 51-f4 54 19 8c 4f 82 73 e7 .1"../xQ.T..O.s. 0090 - 0b f0 18 fe 55 6f e5 de-ea 49 b5 95 b2 17 d9 d4 ....Uo...I...... 00a0 - 9f a1 0f 18 5f 45 42 32-72 43 42 e6 bb 6e d3 d4 ...._EB2rCB..n.. 00b0 - bb 77 5a 0a 9f 0b 03 a1-06 7a 9e 95 3e da 8a 90 .wZ......z..>... 00c0 - 5a 53 a0 9b 1f 0c 8d 4e-99 25 ed 87 64 28 81 f4 ZS.....N.%..d(.. 00d0 - af 83 b8 2b cd a5 8d 87-99 56 f3 43 e2 87 52 32 ...+.....V.C..R2 Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Ubuntu) ready. -
If the above from @joseph does not resolve the issue already, please press the
View Certificatebutton and share the output of it. -
Hi @joseph
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
The email service has been restarted a few times, with no change in the alert.
When running the openssl s_client -connect my_imap_server:993 -showcerts command with my domain i get the below...
openssl s_client -connect my.promentum.info:993 -showcerts CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R10 verify return:1 depth=0 CN = my.promentum.info verify return:1 --- Certificate chain 0 s:CN = my.promentum.info i:C = US, O = Let's Encrypt, CN = R10 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Apr 24 06:12:01 2025 GMT; NotAfter: Jul 23 06:12:00 2025 GMT -----BEGIN CERTIFICATE----- MIIGIzCCBQugAwIBAgISBgI+vdmnnEoxarCbcXpIKAX2MA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTAwHhcNMjUwNDI0MDYxMjAxWhcNMjUwNzIzMDYxMjAwWjAcMRowGAYDVQQD ExFteS5wcm9tZW50dW0uaW5mbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBANgymu/CtP2SR16zNF+DDsW5ewth0orrQizuNnIA4+gBoviHM3PvYA+0u06P QCSZOppA9GPW9ZTkTtx7ZWLl+Lq+z35tZuwB+b1f65xXblSv72nNvxz91uQwibsM AV2lr5qqXs10I1sP6bb/ZfS2NZaencsAZQs/vCK4iQ58JV2jCLYitXvZ1j49Qn2d I6zcCO6+ooyy7AA1YDBYLN2RBNSjuPC/WyicFcPgoHrjTq/CjcxUe5VswDgrn6fs 4dj67+vP1+tFLkxKdE/3ch0gI6M1F1SQ5LZmpl+ffrZGFseHZLbS26dDI/d0ek4G eooUMoDOnfVpHAFdcGUkcwkPwd0Oz6BFFn/wg2LYAK3b79PTZNUriDn31PWVrmcQ zWjjrV0WkkRiLxXvwjgvUMahupeCGvJdiYqk81nCxD/XzSInMAsh6AGUtiabD/cY bYcRAW10ZonuFkF6n2ETcXPU2d7DAn1jr5VdU/6PXIB5wBPr6DhPURh+kur7l9jE 0XqUB455GZJS89gNeFPWVqeZrjLRn3ncr9XvA55tJGN0NGTsAFQzqylumBKYjUSO ry4qQWnN6fdCqLDppzkIM24Exg6zPYw2xnlY4V1ZhRno2qFAiwGi+B6z338vIDXi JCv5wZhO+W2VVW5iS4Tl0nJVYdPf/tQQEHAioNBinmqpA8T1AgMBAAGjggJGMIIC QjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCA/yV310ZIEBrxJl4mTEKNxQw04MB8G A1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI14cjoMFcGCCsGAQUFBwEBBEswSTAi BggrBgEFBQcwAYYWaHR0cDovL3IxMC5vLmxlbmNyLm9yZzAjBggrBgEFBQcwAoYX aHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wHAYDVR0RBBUwE4IRbXkucHJvbWVudHVt LmluZm8wEwYDVR0gBAwwCjAIBgZngQwBAgEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0 cDovL3IxMC5jLmxlbmNyLm9yZy8xMTkuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB 8gDwAHcApELFBklgYVSPD9TqnPt6LSZFTYepfy/fRVn2J086hFQAAAGWZqI/ogAA BAMASDBGAiEA3q1W2rs0s9hEz5CjC++l/irU5S8zg26g0cvM6TVgf6ECIQC78zTW Wa933xFGUdvw6kt9898XLVkNYAmEa/wmsE9OLAB1AA3h8jAr0w3BQGISCepVLvxH dHyx1+kw7w5CHrR+Tqo0AAABlmaiP6MAAAQDAEYwRAIgNmZhCRsQ0MU/AWc0eRmi nCwnmBq1/vUT5ZXzG6XZlAwCIA2xvRZepn493pQnjDaZs+l3c+5Gj7W9faNxgHEC dZQSMA0GCSqGSIb3DQEBCwUAA4IBAQCogapxmcXWwwbraRF0v7l9KFa4Kl4R05UW ZURy5QqWpjtOp3yqXrSpB3SJGasXnUo0LLieAEtHOR8O8+p0JoJKcHrAgStUBDvj jk0a8MR/A2aiw+aN3FK5HtN/6pBFz5Z7GUDf8EtH8JOSWaPtZisigVASQuUhkCWn wnvaZq3qT0jAGhfeTzdR3kq7DuY32PdYJSiwAgkrjzWuyT05hwAWoi6pMUukZPKv ERhyHKBYNClQcCAzlJx/KjDyvB0dlCGbhpqVtlwB0atF6DQW2MKUxWnjlPtRcNYc fxuGkCRT+tistk+ar3ueRDqrxKkldHNIFtPexCaDcS4ZGg2XsFiK -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R10 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT -----BEGIN CERTIFICATE----- MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a /6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4 FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3 DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/ AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5 tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9 1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0 GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh 1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N 4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54= -----END CERTIFICATE----- --- Server certificate subject=CN = my.promentum.info issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3685 bytes and written 399 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4BD471C720F74F914D6FD783B8289F6CA08BA52BFAF89D2D46B8D89F992845D7 Session-ID-ctx: Resumption PSK: 1B942C5384C631FA71F4D00D41838CCC0F1A02A91563D3085A555F10BDBBCB8B049495AC765610B1B711BD5728F188BA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - ea ff f1 f0 17 1e 74 0c-79 48 a3 6b b3 2d 2e 69 ......t.yH.k.-.i 0020 - fb 3f 92 1a 2c 81 74 10-17 11 70 32 74 99 35 12 .?..,.t...p2t.5. 0030 - 01 b0 78 e2 c3 3a 9d ed-3a bc 7b 2c dc 89 be 81 ..x..:..:.{,.... 0040 - c5 0c 3b 63 bb 9c e1 b9-54 5c b4 94 4b 97 c5 77 ..;c....T\..K..w 0050 - 82 85 7d 42 1b d3 10 6c-e9 01 30 95 13 2e de 5c ..}B...l..0....\ 0060 - 6f 05 dc 5f 45 11 51 d0-01 08 78 c7 71 76 09 f6 o.._E.Q...x.qv.. 0070 - ec df b6 86 2e fb 13 b2-bf 68 a8 33 80 72 4d b2 .........h.3.rM. 0080 - 0b b6 ab f2 f2 30 8b 64-f3 bf 60 18 bb cb 6d 2e .....0.d..`...m. 0090 - e7 6a 8e a0 d4 06 2d 28-8a ef e4 43 ff bd ca d9 .j....-(...C.... 00a0 - ca 8c 87 e2 97 c5 e2 c8-90 ac 16 e9 ff f5 63 31 ..............c1 00b0 - 08 87 d3 76 c8 a7 f8 3e-a4 6f 95 17 bc 36 a6 a1 ...v...>.o...6.. 00c0 - 37 53 8b da ba 50 35 ad-50 3d 34 b6 77 9c cd 3b 7S...P5.P=4.w..; 00d0 - 36 02 5c 48 93 dd ba 45-bb 2d ce b6 63 59 b6 58 6.\H...E.-..cY.X Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 85CF897B8F0BB087A3ADDD697F374EF68FB6A7E0B5CD8A6ABA6D0D71B882B7DF Session-ID-ctx: Resumption PSK: AE9A476653A062F858587ED044F35B7A574AF3DFEAE1665F4025F62FE3FB4F76A66F501F212FFC0534D90E6BDF6A5BFB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a3 8b 31 e5 cf 07 1e 35-20 f2 7d ce 82 ee 02 61 ..1....5 .}....a 0010 - 75 9a 28 8b 45 5b d4 c8-b7 a6 48 e7 6a ab a2 ec u.(.E[....H.j... 0020 - 7f b1 83 33 3e d1 db 4b-db 68 ec 05 58 6e 29 c7 ...3>..K.h..Xn). 0030 - 98 6c a5 50 61 2a d9 10-89 bd 8a d5 99 a6 77 f6 .l.Pa*........w. 0040 - dd 59 b0 0f 51 70 75 bf-54 2c 46 86 71 d3 63 cb .Y..Qpu.T,F.q.c. 0050 - 93 22 f8 0f b9 73 1b 98-12 45 3b 1a 3b 0c f7 93 ."...s...E;.;... 0060 - f2 b3 b5 74 11 90 0b 6d-c9 ec 0c cc 8e 8e 24 a5 ...t...m......$. 0070 - 14 61 a8 d1 39 99 14 23-2e 7f 23 c5 61 b0 07 f9 .a..9..#..#.a... 0080 - a4 31 22 a3 1d 2f 78 51-f4 54 19 8c 4f 82 73 e7 .1"../xQ.T..O.s. 0090 - 0b f0 18 fe 55 6f e5 de-ea 49 b5 95 b2 17 d9 d4 ....Uo...I...... 00a0 - 9f a1 0f 18 5f 45 42 32-72 43 42 e6 bb 6e d3 d4 ...._EB2rCB..n.. 00b0 - bb 77 5a 0a 9f 0b 03 a1-06 7a 9e 95 3e da 8a 90 .wZ......z..>... 00c0 - 5a 53 a0 9b 1f 0c 8d 4e-99 25 ed 87 64 28 81 f4 ZS.....N.%..d(.. 00d0 - af 83 b8 2b cd a5 8d 87-99 56 f3 43 e2 87 52 32 ...+.....V.C..R2 Start Time: 1746784945 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Ubuntu) ready.@PMConor said in Security certificate cannot be verified:
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
the certs look correct and valid . So, it's some outlook client issue . I don't have a Windows PC to test but by mobile do you mean Android app ?
-
@PMConor said in Security certificate cannot be verified:
It seems to be only with Outlook, as when connecting via Thunderbird the certificate alert isn't prompted.
the certs look correct and valid . So, it's some outlook client issue . I don't have a Windows PC to test but by mobile do you mean Android app ?
-
could it be that outlook wants to connect to something like
imap.promentum.infoand not themysubdomain? -
P PMConor has marked this topic as solved
