Let's Encrypt verify fail


mas...@gmail.com

Oct 1, 2021, 4:40:27 AM
to R2Mail2 BETA Test

Hi!
I'm using an Android 9 device which should be fine for the recently expired LE root.
Still, r2mail2 started to fail verifying the path of my server down to the root and complains if verification is forced.

Any idea why?

Greetings, Wolfgang

Olav Seyfarth

Oct 1, 2021, 6:44:26 AM
to R2Mail2 BETA Test

Henry Kiessling

Dec 6, 2021, 7:36:05 AM
to R2Mail2 BETA Test
Hi Olav,

Let's Encrypt certificates are still not working. Even a new certificate has 2 paths:

1. 
R3
Fingerprint SHA256: 67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd
Pin SHA256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
RSA 2048 bits (e 65537) / SHA256withRSA

In trust store
ISRG Root X1   Self-signed
Fingerprint SHA256: 96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
Pin SHA256: C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=
RSA 4096 bits (e 65537) / SHA256withRSA

and the 

2.
R3
Fingerprint SHA256: 67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd
Pin SHA256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
RSA 2048 bits (e 65537) / SHA256withRSA

Sent by server
ISRG Root X1
Fingerprint SHA256: 6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f
Pin SHA256: C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=
RSA 4096 bits (e 65537) / SHA256withRSA

In trust store
DST Root CA X3   Self-signed
Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Valid until: Thu, 30 Sep 2021 14:01:15 UTC
EXPIRED
Weak or insecure signature, but no impact on root certificate

I guess r2mail2 has the same problem as OpenSSL 1.0.2 with certification paths where one is expired.

I imported the self-signed ISRG Root X1 into the private store, but I still get the error message "Zertifikatskette nicht gültig - Wurzelzertifikat wurde nicht gefunden!".
If you need more information or a test account on our mailservers, don't hesitate to ask :-)

Greetings, Henry
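
Added example, not part of the thread and not R2Mail2 or OpenSSL code: a simplified Python model of the path selection the post above guesses at, using the certificate names, pins and DST Root CA X3 expiry it lists. Signatures are not checked; the leaf name `mail.example.org`, the 2035 expiry dates and the `trusted_first` switch are assumptions of the model.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_pin: str        # "Pin SHA256" in the post: identifies the public key
    not_after: datetime

FAR = datetime(2035, 1, 1, tzinfo=timezone.utc)  # constructed expiry, not from the post
X1_PIN = "C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
leaf = Cert("mail.example.org", "R3", "constructed-leaf-pin", FAR)
r3 = Cert("R3", "ISRG Root X1", "jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=", FAR)
# Same name and same key (pin), two certificates: cross-signed and self-signed.
x1_cross = Cert("ISRG Root X1", "DST Root CA X3", X1_PIN, FAR)
x1_self = Cert("ISRG Root X1", "ISRG Root X1", X1_PIN, FAR)
dst_x3 = Cert("DST Root CA X3", "DST Root CA X3",
              "Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=",
              datetime(2021, 9, 30, 14, 1, 15, tzinfo=timezone.utc))
SENT = [r3, x1_cross]          # what the server sends besides the leaf
STORE = [x1_self, dst_x3]      # both roots present, as in the two paths above

def build_path(leaf, sent, store, trusted_first):
    """Walk issuer names from the leaf to a certificate in the trust store."""
    path, cur = [leaf], leaf
    while True:
        anchor = next((c for c in store if c.subject == cur.issuer), None)
        untrusted = next((c for c in sent
                          if c.subject == cur.issuer and c not in path), None)
        # trusted_first stops at the first issuer found in the store;
        # otherwise server-sent certificates are followed as far as they go.
        if anchor and (trusted_first or untrusted is None):
            return path + [anchor]
        if untrusted is None:
            return None        # no trusted root found
        path.append(untrusted)
        cur = untrusted

def verify(leaf, sent, store, now, trusted_first):
    """Return (ok, detail); checks path selection and expiry only."""
    path = build_path(leaf, sent, store, trusted_first)
    if path is None:
        return False, "no trusted root found"
    expired = [c.subject for c in path if c.not_after < now]
    if expired:
        return False, "expired: " + ", ".join(expired)
    return True, " -> ".join(c.subject for c in path)
```

With both roots in the store, only the trusted-first walk ends at the self-signed ISRG Root X1; the other walk follows the server-sent cross-signed certificate and ends at the expired DST Root CA X3.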

Olav Seyfarth

Dec 6, 2021, 6:12:36 PM
to R2Mail2 BETA Test
Hi Henry, just to make that clear: I'm just an ordinary R2Mail2 user. Olav

Ma Ka

Jan 1, 2022, 3:23:37 PM
to R2Mail2 BETA Test
I still have the same issue here. I have to edit the settings every time I renew the LE certificate on my mailserver. It is no problem for me, but the other users of my mailserver, who use r2mail2 upon my suggestion, are not experienced tech users, and I have to resolve it every time on their r2mail2 too. Does anyone have a solution for this?