Hi David,
Is the clock in sync on the machine (just to eliminate this as a possible error)?
Regarding your self-signed issues, I'd suggest letting your system trust the certificate which you use, either by putting the CA cert or the server cert in your trust store (depends on your system). There is a big difference between using a certificate which can be validated (even when self-signed) and trusting any presented certificate (even if there are config switches to disable checking).
hth+regards, Thomas
On 14.07.2017 13:44, David Gessel wrote:
Thanks! A step closer. It seems the roundcube logins can be set to ignore certificate errors, but managesieve isn't:
Jul 14 04:34:49 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.3.69.139, lip=10.3.69.135, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45, session=<d7vVb0VUNlsKA0WL>
This isn't accurate: it is a self-signed cert good until 2025.
While I'm OK with Let's Encrypt certificates, self-signed certificates should be supported. As I remember, I ran into this problem with roundcube's checks, which is why the ssl://.... and
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);
which "managesieve_usetls" seems to ignore.
Any way to get managesieve to function the same way or is this a "pay the cert mafia or else..." situation?
-David
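
Thomas's suggestion above, sketched as an added example that is not part of the original thread or of Roundcube's shipped configuration: the managesieve plugin has its own `managesieve_conn_options` setting, which takes the same PHP SSL context options as `imap_conn_options`, so the self-signed certificate can be trusted explicitly instead of disabling verification. The certificate path and host name are placeholders, and the snippet assumes a Roundcube version whose managesieve plugin supports this option.

```php
<?php
// Added example: plugins/managesieve/config.inc.php
// Placeholders (assumptions, not from the thread):
//   /etc/ssl/local/mail-selfsigned.pem  - copy of the server's self-signed cert
//   mail.example.org                    - name the certificate was issued for

// Weak variant: accepts ANY certificate the peer presents, so a
// man-in-the-middle on the path to the sieve server goes unnoticed.
// $config['managesieve_conn_options'] = array(
//     'ssl' => array(
//         'verify_peer'      => false,
//         'verify_peer_name' => false,
//     ),
// );

// Corrected variant: validation stays on, and the only trust anchor
// is the one certificate you generated yourself.
$config['managesieve_usetls'] = true;
$config['managesieve_conn_options'] = array(
    'ssl' => array(
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        // The self-signed cert acts as its own CA. Pointing cafile at it
        // makes chain validation succeed for this cert and no other.
        'cafile'            => '/etc/ssl/local/mail-selfsigned.pem',
        // Only needed when Roundcube connects by IP or by a different
        // name than the one in the certificate's CN/subjectAltName.
        'peer_name'         => 'mail.example.org',
        'allow_self_signed' => false,
    ),
);

// The IMAP connection can use the same trust anchor, replacing the
// verify_peer => false block quoted in the thread.
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => '/etc/ssl/local/mail-selfsigned.pem',
        'peer_name'        => 'mail.example.org',
    ),
);
```

With verification enabled, the validity dates are still checked against the web server's clock, which is why the clock question above matters even for a certificate that runs until 2025.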