Von Royce Wallace wrote:

This fixed it

chown root:ssl-cert /etc/letsencrypt/live/vonwallace.com /etc/letsencrypt/archive/vonwallace.com
chmod 0750 /etc/letsencrypt/live/vonwallace.com /etc/letsencrypt/archive/vonwallace.com

Please put something about that in the doc

If you have multiple then use the following format

Please see the "Common Let's Encrypt Setup" section at the top of the howto!

M$ Outlook 2016+ always prompted for certs every time you started it if you used self-signed certs which was a PITA so we always recommend using proper certificates (including Let's Encrypt ones) if you use that. It looks like M$ have been extending this requirement further. I'll have to investigate Thunderbird further because it always used to work. This is going to be a bit of a pain as I'll have to set up a test system.

Also with the fix windows mail app works as well that one also did not like the self signed cert

Okay now that I got that sorted out...

Thunderbird works just fine now pulls emails via imap and send them off, It did not like the self signed cert from some reason

This fixed it

chown root:ssl-cert /etc/letsencrypt/live/vonwallace.com /etc/letsencrypt/archive/vonwallace.com
chmod 0750 /etc/letsencrypt/live/vonwallace.com /etc/letsencrypt/archive/vonwallace.com

Please put something about that in the doc

If you have multiple then use the following format

This is the archive directory that it points to

-rw-r--r-- 1 root root 1964 Aug 8 02:35 cert1.pem
-rw-r--r-- 1 root root 1647 Aug 8 02:35 chain1.pem
-rw-r--r-- 1 root root 3611 Aug 8 02:35 fullchain1.pem
-rw-r----- 1 root ssl-cert 1704 Aug 8 02:35 privkey1.pem

full chain is root root

Do I need to change that

Is there a newer version of imap that fixed the bugs

So I went back to the private cert

Strange how thunder bird does not work and windows mail

But outlook and IOS mail work just fine

Aug 11 17:20:44 vonwallace imaps[5225]: unable to get certificate from '/etc/letsencrypt/live/vonwallace.com/fullchain.p ...
Aug 11 17:20:44 vonwallace imaps[5225]: TLS server engine: cannot load cert/key data
Aug 11 17:20:44 vonwallace imaps[5225]: error initializing TLS
Aug 11 17:20:44 vonwallace imaps[5225]: Fatal error: tls_init() failed
Aug 11 17:20:44 vonwallace imaps[5223]: unable to get certificate from '/etc/letsencrypt/live/vonwallace.com/fullchain.p ...

followed doc and I get that

Certificate is there and it works for website

Please help

[root@vonwallace vonwallace.com]# ls -l
total 4
lrwxrwxrwx 1 root root 38 Aug 8 02:35 cert.pem -> ../../archive/vonwallace.com/cert1.pem
lrwxrwxrwx 1 root root 39 Aug 8 02:35 chain.pem -> ../../archive/vonwallace.com/chain1.pem
lrwxrwxrwx 1 root root 43 Aug 8 02:35 fullchain.pem -> ../../archive/vonwallace.com/fullchain1.pem
lrwxrwxrwx 1 root ssl-cert 41 Aug 8 02:35 privkey.pem -> ../../archive/vonwallace.com/privkey1.pem
-rw-r--r-- 1 root root 692 Aug 8 02:35 README
[root@vonwallace vonwallace.com]#

This doc gives all the configs you need to change.

ClearOS imports the certificates into /etc/clearos/certificate_manager.d. You may need to create a file with both your client certificate and intermediate certificate in it and use that when deploying the certs.