Unable to connect to IMAP via SSL/TLS

adam2020

adam2020

Verified User
Joined
Mar 3, 2020
Messages
20
Hi All,

We have been working on a problem for some time with our DA Server not allowing us to connect to IMAP via SSL/TLS. We have checked our secure email ports and they are open, all the setup seems to be ok and we can connect to email using standard non secure ports.

SSL = A OK

We are getting a generic 'Something went wrong' from all the email clients we try to use.

Server address we use is the same for non secure (which connects)

Even my server admin which are usually very good are a little stumped with this one.

Not sure where else to go from here - Any advice please?
 
We had a similar issue sometime ago... they were using MAC / IOS devices....
Never got to the bottom of it.
 
You might need a RapidSSL certificate bundle that is found on these devices. Letsencrypt hasn’t taken over, just yet.

Best practice would be to have mail.hosting.tld running RapidSSL instead of your usual letsencrypt. See https://www.servertastic.com for cheap options.
 
adam2020 said:
Hi All,

We have been working on a problem for some time with our DA Server not allowing us to connect to IMAP via SSL/TLS. We have checked our secure email ports and they are open, all the setup seems to be ok and we can connect to email using standard non secure ports.

SSL = A OK

We are getting a generic 'Something went wrong' from all the email clients we try to use.

Server address we use is the same for non secure (which connects)

Even my server admin which are usually very good are a little stumped with this one.

Not sure where else to go from here - Any advice please?
Click to expand...

Just had a similar issue , do you use exim 4.94?
Just restart exim (from command line) and see if your client can connect
 
You need to enable better logging so you can see exactly what is going wrong. It could be that you are attempting to use a self-signed certificate, which is fine if you know how to tell your clients to accept it. Apple and Mac's do make it more difficult to use self-signed certificates. The other common issue is that you are using a certificate that depends on a chained-certificate and either it wasn't installed or installed wrong (like wrong order in the pem). What do you see when you do "openssl s_client -connect $SERVERNAME:993", where you replace $SERVERNAME with the name/location of your server?
 
You must log in or register to reply here.
Back
Top