SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46


#1

Howdy, after searching for something similar in the forum I cannot use the admin/Mobile apps instructions to create an email account on my Android phone client. The inbound part of the email client definition fails immediately with the following error condition found in the mail.log:

Jun 14 16:17:27 box dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=73.6.211.45, lip=45.55.255.105, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<s4+qB4AYugBJBtMt>

Do I need to purchase a SSL cert?

Please advise.


#2

Do I need to purchase a SSL cert?

That sounds like it could be the problem. I know typically on Android you need to, although not in all email apps (K-9 mail is fine with self-signed certificates, for instance).


#3

Howdy JoshData,

  • K-9, though a better-looking email client than the default on my phone, returns the same error condition in the mail.log.

  • Opting for the gandi.net SSL has led to a situation where gandi.net is stuck waiting on a good CNAME record.

  • Contacting gandi.net support returns this email:

    Hello David,
    Thank you for contacting Gandi support.
    The validation is stuck because the CNAME required for DCV is not available.
    As you can see by going to the Orders in Progress page and clicking on the pen icon for “More Info” (https://www.gandi.net/admin/orders),
    the CNAME required is:
    319FE46886A076F5553D45B0779A92E1.box.datamaskinaggie.xyz. 10800 IN CNAME EF594D1E35B132E087066FB00833131125822C6B.comodoca.com.
    However the CNAME is currently:

    319FE46886A076F5553D45B0779A92E1.box.datamaskinaggie.xyz. 1800 IN CNAME datamaskinaggie.xyz.

    I invite you to contact your DNS provider to update the CNAME accordingly.


Deleting the errant datamaskinaggie.xyz value and replacing it after re-watching your SSL video several times and comparing, I now have the issue with the new value, as shown in the uploaded screenshot. I now have no clue what is wrong or how to correct it.

Any ideas, suggestions, diagnostics or solutions welcomed.


#4

In the Type drop-down, choose CNAME, not A.


#5

BTW: is there some issue w/ the SSL video @ https://www.youtube.com/v/HQOj-Mm1fYs&start=873 or is it YouTube? I tried watching several times with an error issued. The error provides no detail.


#6

And the same on both browsers: FF and Chrome. In Chrome I cleared history, cache, cookies etc. but same outcome.


#7

OK. The issue is the wonderful Comcast for the reason YouTube won’t play the video.
Notwithstanding, 3 days later the SSL cert issue in the logs has gone away, but now I have a pure AUTHENTICATION issue using K-9.

The same credentials to log into roundcube: david@datamaskinaggie.xyz fail in the K-9 inbound mail setup.

Jun 17 15:36:03 box dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=70.196.77.228, lip=45.55.255.105, TLS, session=
Jun 17 15:36:23 box dovecot: imap-login: Login: user=david@datamaskinaggie.xyz, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=16805, TLS, session=<58hZzrsYWwB/AAAB>
Jun 17 15:36:23 box dovecot: imap(david@datamaskinaggie.xyz): Disconnected: Logged out in=127 out=2321
Jun 17 15:37:23 box dovecot: imap-login: Login: user=david@datamaskinaggie.xyz, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=16807, TLS, session=<2DXs0bsYXAB/AAAB>
Jun 17 15:37:23 box dovecot: imap(david@datamaskinaggie.xyz): Disconnected: Logged out in=127 out=2321
Jun 17 15:37:25 box dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=70.196.77.228, lip=45.55.255.105, TLS, session=

The K-9 client has a popup displaying:

Setup could not finish

Username or password incorrect. (Command: AUTHENTICATE PLAIN; response: #1# [NO, [AUTHENTICATTIONFAILED], Authentication failed.])

Any ideas, suggestions or diagnostics welcomed.
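
Added example, not written by any poster in this thread: a small Python triage of the two kinds of Dovecot `imap-login` disconnect lines quoted above, separating "the client refused the server's certificate during the TLS handshake" from "TLS succeeded but the credentials were rejected". The function names, the `example.test` user, and the sample lines (modelled on the thread's log lines, with documentation IP addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

LINE_RE = re.compile(r"dovecot: imap-login: Disconnected \((?P<reason>[^)]*)\): (?P<fields>.*)$")
ALERT_RE = re.compile(r"SSL alert number (\d+)")
RIP_RE = re.compile(r"\brip=([0-9a-fA-F.:]+)")

def classify(line):
    """Return (category, remote_ip, detail) for a disconnect line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # successful logins and unrelated lines are ignored
    reason, fields = m.group("reason"), m.group("fields")
    rip = RIP_RE.search(fields)
    rip = rip.group(1) if rip else None
    alert = ALERT_RE.search(fields)
    if "TLS handshaking" in fields and alert:
        num = int(alert.group(1))
        if num in CERT_ALERTS:
            # SSL3_READ_BYTES: the server *received* this alert, so it was
            # the client that refused the certificate the server presented.
            return ("client_rejected_cert", rip, CERT_ALERTS[num])
        return ("tls_handshake_failed", rip, f"alert {num}")
    if reason.startswith("auth failed"):
        # Handshake completed; the failure is username/password, not the cert.
        return ("auth_failed", rip, reason)
    return ("other", rip, reason)

def summarize(lines):
    """Map each remote IP to the ordered list of failure categories seen."""
    seen = defaultdict(list)
    for line in lines:
        result = classify(line)
        if result:
            seen[result[1]].append(result[0])
    return dict(seen)

# Constructed sample lines (not copied from a real log).
SAMPLE = [
    "Jun 14 16:17:27 box dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=203.0.113.7, lip=198.51.100.5, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<constructed1>",
    "Jun 17 15:36:03 box dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<david@example.test>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5, TLS, session=<constructed2>",
    "Jun 17 15:36:23 box dovecot: imap-login: Login: user=<david@example.test>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=16805, TLS, session=<constructed3>",
]

if __name__ == "__main__":
    for ip, categories in summarize(SAMPLE).items():
        print(ip, categories)
```
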


#8

OK. More noise again. The username has to be the email address. The only hitch in the git-a-long was the K-9 client complained about the SSL cert with a prompt to accept.

The question remains: must the SSL cert be installed for each domain created?


#9

It depends on what you mean by “must.” Everything will operate if you don’t install a signed certificate, but you will get warnings when connecting.


#10

I tried using SMTP sending to gmail.
Doesn’t accept or receive it with an invalid cert.


#11

I can’t understand the problem you are having. A screenshot of the error might help.


#12

Same error as the title of this topic.


#13

What application are you using? What operating system? When exactly does this occur? Have you tried connecting from different devices or different networks (wifi, 4G)? Can you try setting up Mozilla Thunderbird on your computer to see if it can connect properly?


#14

Thanks for the reply.
I understand now. The signed cert is installed for just a single hostname. In this case: box..
The remaining hostnames are working on roundcube and Android K-9. These clients for these hostnames complain but dutifully import or use the signed SSL cert. The self-signed cert would not import for any reason so I’m better off with the signed cert. Sorry about all the noise.


#15

If you are facing an SSL problem, then you can try SSL from Cloudflare, which you will get for free and can easily manage, but if you don’t know the steps then you can visit antivirus customer service for the information.