LetsEncrypt on 1.4.2 has an error.

  • Hello,
    I have upgraded to 1.4.2, but I have found that LetsEncrypt 3.0.0 on imscp 1.4.2 has an SMTP error.




    Quote

    warning: TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1315:SSL alert number 42:


    I disabled LetsEncrypt 3.0.0 and re-enabled it.
    It can't be enabled and shows an error.





    Quote


    Plugin::LetsEncrypt::enable: Error: couldn't get currently installed version for /root/.local/share/letsencrypt/bin/letsencrypt:
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
        from certbot.main import main
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 13, in <module>
        from acme import jose
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
        from acme.jose.interfaces import JSONDeSerializable
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
        from acme.jose import util
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/util.py", line 4, in <module>
        from cryptography.hazmat.primitives.asymmetric import rsa
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 14, in <module>
        from cryptography.hazmat.backends.interfaces import RSABackend
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
        import pkg_resources
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 21, in <module>
        import io
      File "/usr/lib/python2.7/io.py", line 51, in <module>
        import _io
    ImportError: No module named _io


    How to fix it?

  • Quote

    warning: TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1315:SSL alert number 42:

    I use the Thunderbird mail client. I can send mail when I allow this cert. But the Python error is still there.

  • @akong7777


    Can we access the server?


  • @akong7777


    Problem fixed. Certbot client was not installed correctly:

    Shell-Script
    root@web1:~# certbot-auto --version
    Error: couldn't get currently installed version for /root/.local/share/letsencrypt/bin/letsencrypt:
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
        from certbot.main import main
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 13, in <module>
        from acme import jose
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
        from acme.jose.interfaces import JSONDeSerializable
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
        from acme.jose import util
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/util.py", line 4, in <module>
        from cryptography.hazmat.primitives.asymmetric import rsa
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 14, in <module>
        from cryptography.hazmat.backends.interfaces import RSABackend
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
        import pkg_resources
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 21, in <module>
        import io
      File "/usr/lib/python2.7/io.py", line 51, in <module>
        import _io
    ImportError: No module named _io


    I've fixed the problem as follows:

    Shell-Script
    root@web1:~# rm -r /root/.local/
    root@web1:~# certbot-auto --version
    Bootstrapping dependencies for Debian-based OSes...
    [apt-get output omitted]
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    certbot 0.12.0

    Shell-Script
    root@web1:~# certbot-auto --version
    certbot 0.12.0

    For your mail client problem, please use web1.aspa.idv.tw as IMAP and SMTP server hostname. Postfix and Dovecot both use the /etc/imscp/imscp_services.pem SSL certificate (copy of Let's Encrypt SSL certificate) which is valid till 28 June 2017:


    Shell-Script
    root@web1:~# openssl verify -CAfile /etc/letsencrypt/live/web1.aspa.idv.tw/fullchain.pem /etc/letsencrypt/live/web1.aspa.idv.tw/fullchain.pem
    /etc/letsencrypt/live/web1.aspa.idv.tw/fullchain.pem: OK


    Shell-Script
    root@web1:~# openssl verify -CAfile /etc/imscp/imscp_services.pem /etc/imscp/imscp_services.pem
    /etc/imscp/imscp_services.pem: OK



  • @akong7777


    Furthermore, make sure that your mail client supports TLS. SSLv3 is now discarded:


    Shell-Script
    root@web1:~# cat /etc/dovecot/dovecot.conf |grep ssl_protocols
    ssl_protocols = !SSLv2 !SSLv3


    Shell-Script
    root@web1:~# cat /etc/postfix/main.cf |grep smtpd_tls_protocols
    smtpd_tls_protocols = !SSLv2, !SSLv3

    Test for SMTP succeeded:

    Shell-Script
    root@web1:~# openssl s_client -connect web1.aspa.idv.tw:587 -starttls smtp
    CONNECTED(00000003)
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = web1.aspa.idv.tw
    verify return:1
    ---
    Certificate chain
     0 s:/CN=web1.aspa.idv.tw
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    [certificate body omitted]
    -----END CERTIFICATE-----
    subject=/CN=web1.aspa.idv.tw
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3412 bytes and written 436 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 537CFBF28B04E2E58FBC8660CBC7586133F4912D11B8FF50894904FF3382D9DC
        Session-ID-ctx:
        Master-Key: FA99DC4B4432EDFA1C0CCBB5CE92A272DB4713EA5F89D4637E1FA1EDC76EC8166706CEB56040B0F3B1787DE695D9EFF7
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 7200 (seconds)
        TLS session ticket:
        [session ticket hex dump omitted]
        Start Time: 1491494627
        Timeout : 300 (sec)
        Verify return code: 0 (ok)
    ---
    250 DSN

    Test for IMAP succeeded:


    So, if there is an issue, that is on the mail client side ;)

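Added example, not part of the original thread: the OpenSSL error string quoted in this thread can be decoded to show which side raised the alert. In the OpenSSL 1.x packed error layout the low 12 bits are the reason code, and an SSL-library reason of 1000 + N means the remote peer sent TLS alert N, so `14094412` is alert 42 (`bad_certificate`) received from the mail client. The syslog prefixes and the second sample line are constructed.

```python
import re
from collections import Counter

# TLS alert descriptions from RFC 5246 section 7.2 (subset).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 70: "protocol_version"}
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts sent by the peer
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(line):
    """Decode the first OpenSSL 1.x packed error code found in a log line."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Layout: library (8 bits) | function (12 bits) | reason (12 bits).
    info = {"lib": code >> 24, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF, "alert": None, "alert_name": None}
    offset = info["reason"] - SSL_AD_REASON_OFFSET
    if info["lib"] == ERR_LIB_SSL and 0 < offset <= 255:
        info["alert"] = offset
        info["alert_name"] = TLS_ALERTS.get(offset, "unknown")
    return info

def peer_alert_counts(lines):
    """Count TLS alerts that remote peers sent to this server, by alert name."""
    counts = Counter()
    for line in lines:
        info = decode_openssl_error(line)
        if info and info["alert"] is not None:
            counts[info["alert_name"]] += 1
    return counts

# Constructed sample log: the syslog prefixes are made up; the first error
# string is the one quoted in this thread, the second is a constructed variant.
SAMPLE_LOG = [
    "Apr  6 16:03:47 web1 postfix/smtpd[1234]: warning: TLS library problem: "
    "error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:"
    "s3_pkt.c:1315:SSL alert number 42:",
    "Apr  6 16:05:12 web1 postfix/smtpd[1240]: warning: TLS library problem: "
    "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:"
    "s3_pkt.c:1315:SSL alert number 48:",
    "Apr  6 16:06:01 web1 postfix/smtpd[1251]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE_LOG[0]))
    print(dict(peer_alert_counts(SAMPLE_LOG)))
```

A `bad_certificate` or `unknown_ca` alert from the peer points at how the client validates the server certificate (hostname used, trust store), which is checked on the client rather than in the Postfix configuration.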

  • @akong7777


    No, there is no bug ;) Please, read my previous answer ;)
