How to use SSL for email

  • Installed the cert via the CLI and answered yes to use SSL in email/ftp and control panel.


    Control panel now resolves https fine but imapd still gives this error:


    Nov 27 12:17:39 sosaria imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Nov 27 12:17:39 sosaria imapd-ssl: Unexpected SSL connection shutdown.


    Any ideas? My cert, private key and bundle are valid. Ports are standard, right? 993 and 587?

  • I've upgraded to 1.5.1 just in case. Still the same error. I've checked my /etc/imscp/imscp_services.pem file and it contains, in this order: private key, certificate and then my CA bundle. All have their own begin and end lines, there are no spaces or unwanted carriage returns. Googling the error seems to come up with cert format, but I don't see anything bad about the format. Any ideas?


    Is the order right? Private key cert first?
    If it's working for HTTPS on my control panel, does that confirm my cert is good?
    Does couriertls use the certs differently than apache?



    Nov 28 09:36:45 sosaria imapd-ssl: Unexpected SSL connection shutdown.
    Nov 28 09:36:50 sosaria imapd-ssl: couriertls: /etc/imscp/imscp_services.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

    From Windows Outlook and Mac mail.

  • OK,


    I've seen 3 .pem files.


    serverdefaultpage.pem (Which is different, not sure what this is??)


    These two are identical.
    imscp_services.pem
    mydomain.com.pem

  • If you see the error, it's referring to the /etc/imscp/imscp_services.pem file. I've triple checked it and don't see any discrepancies.


    I've run openssl x509 -in imscp_services.pem -text -noout and I get a clear output, no errors.

  • Right.


    So the config file for courier is this one?


    /etc/courier/imap-ssl


    There is no sign of TLS_DHPARAMS= parameter in this file. The closest is: TLS_DHCERTFILE=


    I tried adding the following there:


    TLS_DHCERTFILE=/etc/courier/dhparams.pem


    Restarted Courier and I get the same error.


    I then tried adding the command from the website to the end of the /etc/courier/imap-ssl file, as there is no section defined.


    TLS_DHPARAMS=/etc/courier/dhparams.pem


    I removed previous edited entries and restarted courier. I now get:


    Unexpected SSL connection shutdown.


    A little different but still does not work. Hmmmm getting closer I think....

  • I've also done this after googling more:


    Deleted /etc/courier/dhparams.pem and recreated with DH_BITS=2048 mkdhparams


    I use Courier:


    ii courier-base 0.73.1-1.6 amd64 Courier mail server - base system
    ii courier-imap 4.15-1.6 amd64 Courier mail server - IMAP server
    ii courier-imap-ssl 4.15-1.6 amd64 Courier mail server - IMAP over SSL
    ii courier-pop 0.73.1-1.6 amd64 Courier mail server - POP3 server
    ii courier-pop-ssl 0.73.1-1.6 amd64 Courier mail server - POP3 over SSL
    ii courier-ssl 0.73.1-1.6 amd64 Courier mail server - SSL/TLS Support


    After rebooting the server I can use port 143 checking the SSL box. Is this now working? Or should the port be 993?
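
An added example, not part of any post in the thread: `openssl x509` reads only the first CERTIFICATE block, so a clean run says nothing about the other blocks in a combined file. This sketch inventories every PEM block in order and reports block types that are absent; the function names, the sample file and the list of wanted types (including DH PARAMETERS) are assumptions made for illustration.

```python
import re

BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def pem_inventory(text):
    """List PEM block labels in file order and flag structural problems."""
    labels, problems, open_label = [], [], None
    if text.startswith("\ufeff"):
        problems.append("byte-order mark before the first block")
        text = text.lstrip("\ufeff")
    if "\r" in text:
        problems.append("carriage returns present (CRLF line endings)")
    for n, raw in enumerate(text.splitlines(), 1):
        m = BOUNDARY.match(raw.strip())
        if not m:
            continue  # base64 body or free text between blocks
        if raw != raw.strip():
            problems.append(f"line {n}: whitespace around boundary line")
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label:
                problems.append(f"line {n}: BEGIN {label} inside {open_label}")
            open_label = label
        elif label != open_label:
            problems.append(f"line {n}: END {label} without matching BEGIN")
        else:
            labels.append(label)
            open_label = None
    if open_label:
        problems.append(f"BEGIN {open_label} never closed")
    return labels, problems

def missing_kinds(labels, wanted=("PRIVATE KEY", "CERTIFICATE", "DH PARAMETERS")):
    """Block types (assumed list) that no label in the file ends with."""
    return [w for w in wanted if not any(l.endswith(w) for l in labels)]

# Constructed sample: placeholder bodies, laid out like the file described
# in the thread (private key, certificate, CA bundle).
SAMPLE = "\n".join([
    "-----BEGIN PRIVATE KEY-----", "AAAA", "-----END PRIVATE KEY-----",
    "-----BEGIN CERTIFICATE-----", "BBBB", "-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----", "CCCC", "-----END CERTIFICATE-----",
]) + "\n"

if __name__ == "__main__":
    found, issues = pem_inventory(SAMPLE)
    print("blocks:", found)
    print("problems:", issues)
    print("absent types:", missing_kinds(found))
```

To check a real file, pass its contents to `pem_inventory` instead of `SAMPLE`; the script only reads boundary lines and never prints key material.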