Roundcube Community Forum

Hi,

On my LAN Dovecot, Postfix on the one server work fine. Also Thunderbird works fine as an e-mail client.

Now I want to use RC also (on the same server).
So I installed RC and nginx.
My browser shows the login page.

But I can't login
(stream_socket_client(): Failed to enable crypto
Unable to set local cert chain file `/etc/dovecot/private/xxxx.cert'; Check that your cafile/capath settings include details of your certificate and its issuer).

What are the correct RC settings for IMAP/SMTP when using self-signed certificates?
Below is my current configuration.

-----------------------------------------------
Dovecot/Postfix/Thunderbird: OK
Thunderbird: SSL/TLS, Normal password, server: imap.domain.lan:993

Roundcube:
// --------------- IMAP ---------------------------------------

$config['imap_host'] = 'ssl://imap.domain.lan:993';
$config['imap_conn_options'] = [
  'ssl'        => [
    'verify_peer'  => true,
    'verify_peer_name'  => true,
    'verify_depth' => 3,
    'local_cert'  => '/etc/dovecot/ssl/xxxx.cert',
    'local_pk'    => '/etc/dovecot/ssl/xxxx.key',
    'allow_self_signed' => true
  ],
];
$config['imap_auth_type'] = 'PLAIN';

// --------------- SMTP ---------------------------------------

$config['smtp_host'] = 'ssl://smtp.domain.lan:587';
$config['smtp_conn_options'] = [
  'ssl'        => [
    'verify_peer'  => true,
    'verify_peer_name'  => true,
    'verify_depth' => 3,
    'local_cert'  => '/etc/postfix/ssl/cert.pem',
    'local_pk'    => '/etc/postfix/ssl/key.pem',
    'allow_self_signed' => true
  ],
];
$config['smtp_auth_type'] = 'PLAIN';
$config['smtp_user'] = '[email protected]';
$config['$config['smtp_pass' = 'password';

Have you verified that the web server has access to read the certificate files you have linked to in the config?

I think I did but I checked again:

-r-------- 1 root root 1.7K Sep 27  2024 /etc/dovecot/ssl/xxxx.key
changed to
-r--r--r-- 1 root root 1.7K Sep 27  2024 /etc/dovecot/ssl/xxxx.key
and
-rw-r--r-- 1 root root 1.3K Sep 27  2024 /etc/dovecot/ssl/xxxx.cert

roundcubemail/logs/*.log:
Could not connect to ssl://imap.xxx.lan:993:
Unknown reason in /xxxx/xxxx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)

That is a different error but not very informative. Just to be sure if you set verify_peer to false it does connect correct?

The error changed after I changed the the permission.
Setting verify_peer to false didn't make any difference.

Never logged in successfully with Roundcube. Thunderbird works.

OK that's helpful, I think we're past the issue with the certificate. Can you try changing your imap host from ssl://... to tls://... and see if that works?

Solved.

In the errors.log of RC there was a line I didn't see before (my bad):
Peer certificate CN=`mail.xxxx.lan' did not match expected CN=`imap.xxxx.lan'

The dovecot certificate is for mail.xxxx.lan and in the RC config file there was imap.xxxx.lan

After changing that in the RC config file I could login using RC.
Also changed imap_auth_type from LOGIN to PLAIN.
Don't know if that is necessary or not.

Thanks for your help.