question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[BUG] TSL/SSL Authentication error on poste.io

See original GitHub issue

dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48

Error when trying to connect POP3 or IMAP through the Thunderbird mail client. The issue is it doesn’t make a connection behind the Caprover reverse proxy, the SSL certificate doesn’t get set in Poste itself.

But this works if you turn authentication off, which for obvious reasons is less than ideal. If I request a certificate it doesn’t work behind a reverse proxy.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:11 (3 by maintainers)

github_iconTop GitHub Comments

3reactions
laruchecommented, Oct 26, 2020

To close this Bug, a quick tutorial for Caprover One Click Install

To Activate SSL/TLS in Poste.io

Use Caprover let’s encrypt method

In {your app}'s HTTP Settings, activate SSL on your domain

In App Confg, add new folder in Persistent Directories

image

TLS / SSL is now activated, and your mail’s app can use it !

**If you want use Poste.io let’s encrypt, but loose https acces to your domain **

In {your app}'s HTTP Settings, don’t activate SSL on any domain, click on Edit Default NGINX Config AND remove thoses lines (present two times in the default config)

Used by Lets Encrypt location /.well-known/acme-challenge/ { root <%-s.staticWebRoot%>; }

After app reboot, go to : http://yourcustomedomain.com/admin And to : System Settings => TLS Certificate Click on Add Let’s Encrypt certificate Execute Poste.io script

Hope this tutorial help you 😃

2reactions
javanese84commented, Aug 6, 2021

Yes, letting poste.io manage the certificate (method 2 that @laruche suggested) works. But with that, you loose https access to webamil and admin. That isn’t a very nice solution.

Did anyone get it to work with the caprover certificates?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Custom TLS settings - Poste.io documentation
Poste.io comes by default preconfigured by latest security measures. ... most current devices, some legacy devices can have problem to login or send...
Read more >
Poste.io - can't login by mail application - bad SSL certificate
I've got error that my username or password is incorrect. I've double checked and username and password is ok. So I login into...
Read more >
elastic/logstash - Gitter
Final] elasticsearch | at io.netty.handler.codec. ... Hi folks, has anyone got an idea of how to fix this connection/authentication problem?
Read more >
Dollar Universe – Network Parameters – TLS/SSL Settings
Variable / Label I/S/D Description U_SSL_PRIVATE_KEY. Key file name S privkey.pem by default U_SSL_SERVER_CERT. Certificate file name S server.cer by default U_SSL_CA_PATH. Path where CA certificate...
Read more >
Transport Layer Security - Wikipedia
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found