No sync of emails after renewing Letsencrypt-certificate - email

i have a selfmanaged mailserver (ubuntu 20.04, dovecot) and i´m using Thunderbird on clientside.
Letsencrypt is installed for certification purposes.
Now sometimes i have to renew my certificates. When it´s done, i can´t sync with my Mailserver on Thunderbird. I got no error messages by mailclient, but no Mails.
I´ve tried to delete the stored certificates in thunderbird, but that doesnt change anything.
After i create a new account (same address) all works as usual, until i renew the certificates again.
How can i solve this problem?
It´s like Thunderbird is caching the old certificate and dont get the new one.

Related

Emacs - email and ssl certificate

Is there a way to setup Emacs to get emails from a gmail account or hotmail account from a local machine (not from a web hosting provider) without using certificate (or how to install certificates on local machine)
I read some how-to-do and they spoke about SSL-Certificate to install on a specific folder (that point make me confuse).
Thank.

How to fix ERR_CERT_REVOKED issue in iPhone for GoDaddy issued certificate?

I am getting ERR_CERT_REVOKED in iPhone while accessing our website which uses a GoDaddy SSL certificate. It works fine on Laptop on all browsers but gives this error on iPhone.
Godaddy is facing an AutoSSL technical issue where they are not able to renew the SSL certificate. Mine has been down for 2 days now and has contacted their support multiple times. No permanent fix as of now.
You can do these steps which can put you in the queue for AutoSSL renewal. They haven't mentioned a timeframe for the resolution of this issue, unfortunately.
Steps:
Go to Cpanel of Hosting
Select SSL/TLS
Select Generate, view, upload, or delete SSL certificates.
Delete all self-signed certificates
Go to Cpanel and select SSL/TLS Status
Select all domains you want to renew and click Run AutoSSL
This will put your domain in the queue for renewal.
God knows when these guys will resolve the issue and renew it though.

How to use self signed certificate at iOS app

Basically our iOS app needs to communicate with a server which has a self signed certificate for now. In my app, the https is failing with untrusted server certificate which is understandable. The error is like this:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my host name here” which could put your confidential information at risk."
So I sent the self signed certificate via email to the iOS device and imported into the profiles and hoping that it would be used as part of root CA for https authentication. To my surprise, it is not and I am still getting the same error. I think that iOS would be default to use root CAs at keychain to validate the server certificate and from what I read, the imported certificate at profiles are at keychain as well. So I could not understand why my imported self signed certificate is not used as root CA.
At this point, I don't really want to trust this self signed certificate via the coding like this iOS authenticate HTTPS with self-signed certificate or In iOS, how to connect to a server using https with self-signed certificate on the server? since this won't work in customer case where they would install our server on their network and they could create their own self signed certificate.
Somehow I didn't really get much information around this from searching. Could anyone shed some lights here and what I need to do to debug this? Thanks very much.
Update on July 15:
More update around this. I also tried to use configuration profile to add a self signed CA to root CA at the iOS device by following Adding Trusted Root Certificate Authorities to iOS , from my testing on 6.0 iPad and iPhone, it doesn't work as well. So not sure if that only works on jail broken device or not. In the end, I end up by allowing user to import a self signed certificate into the app. The app would load such imported certificate for certificate verification similar to this In iOS, how to connect to a server using https with self-signed certificate on the server?. Hope that it would help others in this case.
looking at the first tutorial you linked to you should be able to use that or some more advanced form of that and once you have tested and have it working then all you have to do for a client to create and add their own certificate would be to override/replace the localhost.cer file in the apps folder where the file localhost.cer "or whatever name scheme you use" is located. there are many ways to do this but one could be telling the app a link where the certificate is online for download and once downloaded, then replace.
Any questions I'll try and help further but hopes this helps you in the right direction.

google apps for business cannot receive mail

I recently signed up for my client Google Apps for Business. Everything setup fine and verification all done.
The only problem is I cannot receive mail to the newly setup mail. I can send out mail no problem.
It seems like the SMTP server had changed but pop3 or IMAP server still using the old one.
How can I resolve that? Thanks!

Can't connect to production Apple Push Notification server

We had no problem sending notifications to provisioned devices using the development certification and gateway.sandbox.push.apple.com. But now now that our app is in the store, it appears we can't even connect to the production apn server (gateway.push.apple.com) to send pushes, even when we're using the machines that created the certificates in the first place.
We've run this through PushMeBaby and it looks like the connection to gateway.push.apple.com is getting refused. When it executes the handshake ( SSLHandshake(context) ) the result is error code -9044, or errSSLConnectionRefused - The peer dropped the connection before responding.
I know enough about ssl and encryption to know that I don't know a thing, but I'm pretty sure that the issue is (or starts with) our production SSL cert. Push notification is enabled for production in the iPhone portal (we have a green light). The certificate has been installed on the machine running PushMeBaby and I see both the certificate and the signing key in my keychain. When I exported the development push certificate and used it in PushMeBaby, I was able to connect (and send pushes) no problem. But with the production cert, We get nowhere. We've repeatedly revoked and recreated both the dev cert and the prod cert on two separate computers, so if this is human error, we're doing it repeatedly.
One thing that may be a factor is that I have the "team agent" key on my keychain, but I'm not her. I can and have submitted binaries to the App store without any issue.
Also, we've not set up a provisioning profile after creating the production cert. I'm not sure if that's a factor, but I can't see how it might be for an in-store app.
I sure hope someone has some ideas, because I'm out of them!
As the documentation said it exists 2 certificates and 2 IP address for the push notification:
Sandbox: gateway.sandbox.push.apple.com, port 2195. (for the development)
Production: gateway.push.apple.com, port 2195. (for the release)
You always use the gateway for the development. Try to use the other gateway (for the production).
For more information see here: Provisioning and Development
Yes, I've solved this error.
I lost a few days finding the solution.
The problem is in the line:
result = SSLSetPeerDomainName(context, "gateway.sandbox.push.apple.com", 30);
NSLog(#"SSLSetPeerDomainName(): %d", result);
You have to change the port to number 30. This solves the problem.
Similar problem was happening in our tests because we were trying to use developer device token instead of a production one.