nginx – Let’s Encrypt的中间证书

分类:Nginx作者:编程之家用户

我在我的服务器上设置了Let’s Encrypt加密,然后在同一台服务器(带有nginx的ubuntu服务器16.04)上设置邮件服务器(dovecot和postfix)的教程.在此过程中,我还为该域创建了两个电子邮件地址,我希望通过邮件客户端Mail使用该地址.但是,我收到错误“无法验证帐户名或密码”,并在http://www.checktls.com/perl/TestReceiver.pl我收到以下错误:

[001.075]       Cert NOT VALIDATED: unable to get local issuer certificate
[001.075]       this may help: What Is An Intermediate Certificate
[001.075]       So email is encrypted but the domain is not verified
[001.075]   ssl : scheme=ldap cert=140396633026752
: identity=mail.mysite.com cn=mysite.com alt=2 mysite.com 2 www.mysite.com
[001.075]       Cert Hostname DOES NOT VERIFY (mail.mysite.com != mysite.com)
[001.076]       So email is encrypted but the host is not verified

整个报告:

seconds     test stage and result
[000.123]       Connected to server
[000.437]   <-- 220 ubuntu-512mb-fra1-01.mysite.com ESMTP Postfix (Ubuntu)
[000.437]       We are allowed to connect
[000.438]   --> EHLO checktls.com
[000.558]   <-- 250-ubuntu-512mb-fra1-01.mysite.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.558]       We can use this server
[000.559]       TLS is an option on this server
[000.559]   --> STARTTLS
[000.679]   <-- 220 2.0.0 Ready to start TLS
[000.680]       STARTTLS command works on this server
[000.947]   ssl : new ctx 140396633279344
: start handshake
: ssl handshake not started
: not using SNI because hostname is unknown
: set socket to non-blocking to enforce timeout=30
: call Net::SSLeay::connect
: done Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready,retrying connect
: call Net::SSLeay::connect
: ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com
: ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com
: ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com
: done Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready,retrying connect
: call Net::SSLeay::connect
: done Net::SSLeay::connect -> 1
: ssl handshake done
[000.949]       SSLVersion in use: TLSv1.2
[000.949]       Cipher in use: ECDHE-RSA-AES128-SHA256
[000.950]       Connection converted to SSL
[000.979]       
Certificate 1 of 3 in chain:
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number:
      03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
  Signature Algorithm: sha256WithRSAEncryption
    Issuer:
      countryName         = US
      organizationName      = Let's Encrypt
      commonName        = Let's Encrypt Authority X3
    Validity
      Not Before: Oct 29 10:33:00 2016 GMT
      Not After : Jan 27 10:33:00 2017 GMT
    Subject:
      commonName        = mysite.com
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
        Public-Key: (2048 bit)
        Modulus:
          00:dd:1e:5b:b8:0e:b6:06:f3:b5:8d:55:42:b8:d1:
          f5:91:fd:74:03:f5:f5:5d:6e:8d:84:47:19:d7:28:
          77:3d:47:33:50:bd:70:7a:bf:bf:97:fe:9a:bb:af:
          31:71:db:d5:8b:dc:5a:22:11:4a:b9:c0:c7:2c:ba:
          22:11:52:3d:f8:35:0b:f3:d8:f5:c5:a3:5d:0f:70:
          df:d6:02:38:dd:a7:43:22:b2:ae:96:7a:a6:17:de:
          70:89:e3:74:16:c6:ee:eb:04:37:99:44:f0:2c:10:
          95:21:20:75:f9:b3:c8:d2:4a:c0:04:97:6d:fa:82:
          10:a5:e7:9a:37:82:95:99:e3:d4:c2:65:1a:d0:60:
          ef:18:8a:39:6c:0a:13:9e:00:a4:bd:57:03:55:ea:
          11:33:61:29:41:99:32:9b:85:7d:76:b8:b3:99:46:
          75:33:bf:de:10:52:ce:32:69:9a:36:3d:8b:5b:d1:
          67:ff:66:ef:43:ea:8f:07:77:41:55:f5:f6:ba:6d:
          e2:8f:4e:04:e4:c7:f1:fe:3b:6c:9c:8c:b2:b5:a8:
          24:57:c8:50:eb:37:6c:ea:a4:59:d5:17:dd:31:c3:
          ee:16:df:a4:3a:56:25:ea:38:3c:ab:d2:7f:2b:73:
          7d:2e:d5:ca:ff:b9:e7:d2:d3:18:6b:60:14:f9:e8:
          03:45
        Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Key Usage: critical
        Digital Signature,Key Encipherment
      X509v3 Extended Key Usage: 
        TLS Web Server Authentication,TLS Web Client Authentication
      X509v3 Basic Constraints: critical
        CA:FALSE
      X509v3 Subject Key Identifier: 
        D9:81:23:A5:47:07:33:95:ED:67:F4:1C:79:48:64:EF:64:93:31:96
      X509v3 Authority Key Identifier: 
        keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
      Authority Information Access: 
        OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
        CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
      X509v3 Subject Alternative Name: 
        DNS:mysite.com,DNS:www.mysite.com
      X509v3 Certificate Policies: 
        Policy: 2.23.140.1.2.1
        Policy: 1.3.6.1.4.1.44947.1.1.1
          CPS: http://cps.letsencrypt.org
          User Notice:
          Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
  Signature Algorithm: sha256WithRSAEncryption
     75:54:a8:af:38:1e:79:64:5c:89:b7:43:5f:81:fd:20:cf:83:
     41:f4:f3:4c:53:45:5c:4b:4f:52:41:22:59:76:14:eb:41:30:
     46:d2:2a:0e:e3:f8:0a:5b:03:fb:a1:77:b5:95:05:b9:cd:2e:
     4a:d7:10:c1:d4:5d:fc:92:fa:30:c3:52:e4:35:02:f8:aa:c2:
     ea:9a:a5:81:9f:1e:82:ae:d4:0f:d1:ff:ab:a2:56:66:3c:7d:
     6c:55:87:c3:88:73:03:1a:c3:35:50:0a:7c:5d:c2:e6:fe:85:
     80:29:8b:57:a2:42:4f:db:b9:d0:2e:5f:27:fb:11:bb:cf:86:
     d5:97:17:2d:80:85:11:a1:27:c8:b9:98:fd:3c:a0:6d:d8:b9:
     54:28:1c:70:ea:6c:04:bd:01:26:0c:ac:05:7d:0e:8b:cf:30:
     10:a3:06:fa:62:86:35:a4:85:bb:c8:bc:c1:d7:b1:24:a4:95:
     cb:9b:51:88:62:02:42:d0:43:b4:85:59:57:2c:19:4c:29:6c:
     56:5b:f5:8d:b2:08:29:05:b1:61:5a:4b:91:dc:d0:51:8b:a8:
     31:dc:ee:84:0a:e6:2f:84:eb:8a:f8:db:b7:ba:40:ce:12:5a:
     af:c3:26:a3:27:d2:c1:d6:48:80:d2:2a:dc:82:70:8c:0e:04:
     36:7e:d3:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISA78LZ8O99pjtZrSGEVxEIuIbMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMjkxMDMzMDBaFw0x
NzAxMjcxMDMzMDBaMBcxFTATBgNVBAMTDGhleW1vbmRheS5zZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAN0eW7gOtgbztY1VQrjR9ZH9dAP19V1ujYRH
Gdcodz1HM1C9cHq/v5f+mruvMXHb1YvcWiIRSrnAxyy6IhFSPfg1C/PY9cWjXQ9w
39YCON2nQyKyrpZ6phfecInjdBbG7usEN5lE8CwQlSEgdfmzyNJKwASXbfqCEKXn
mjeClZnj1MJlGtBg7xiKOWwKE54ApL1XA1XqETNhKUGZMpuFfXa4s5lGdTO/3hBS
zjJpmjY9i1vRZ/9m70Pqjwd3QVX19rpt4o9OBOTH8f47bJyMsrWoJFfIUOs3bOqk
WdUX3THD7hbfpDpWJeo4PKvSfytzfS7Vyv+559LTGGtgFPnoA0UCAwEAAaOCAh8w
ggIbMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2YEjpUcHM5XtZ/QceUhk72STMZYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBi
MC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIMaGV5bW9uZGF5LnNlghB3d3cuaGV5bW9uZGF5LnNlMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHVUqK84HnlkXIm3Q1+B
/SDPg0H080xTRVxLT1JBIll2FOtBMEbSKg7j+ApbA/uhd7WVBbnNLkrXEMHUXfyS
+jDDUuQ1AviqwuqapYGfHoKu1A/R/6uiVmY8fWxVh8OIcwMawzVQCnxdwub+hYAp
i1eiQk/budAuXyf7EbvPhtWXFy2AhRGhJ8i5mP08oG3YuVQoHHDqbAS9ASYMrAV9
DovPMBCjBvpihjWkhbvIvMHXsSSklcubUYhiAkLQQ7SFWVcsGUwpbFZb9Y2yCCkF
sWFaS5Hc0FGLqDHc7oQK5i+E64r427e6QM4SWq/DJqMn0sHWSIDSKtyCcIwOBDZ+
0x4=
-----END CERTIFICATE-----                                                                                                                      
[001.005]       
Certificate 2 of 3 in chain:
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number:
      03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
  Signature Algorithm: sha256WithRSAEncryption
    Issuer:
      countryName         = US
      organizationName      = Let's Encrypt
      commonName        = Let's Encrypt Authority X3
    Validity
      Not Before: Oct 29 10:33:00 2016 GMT
      Not After : Jan 27 10:33:00 2017 GMT
    Subject:
      commonName        = mysite.com
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
        Public-Key: (2048 bit)
        Modulus:
          00:dd:1e:5b:b8:0e:b6:06:f3:b5:8d:55:42:b8:d1:
          f5:91:fd:74:03:f5:f5:5d:6e:8d:84:47:19:d7:28:
          77:3d:47:33:50:bd:70:7a:bf:bf:97:fe:9a:bb:af:
          31:71:db:d5:8b:dc:5a:22:11:4a:b9:c0:c7:2c:ba:
          22:11:52:3d:f8:35:0b:f3:d8:f5:c5:a3:5d:0f:70:
          df:d6:02:38:dd:a7:43:22:b2:ae:96:7a:a6:17:de:
          70:89:e3:74:16:c6:ee:eb:04:37:99:44:f0:2c:10:
          95:21:20:75:f9:b3:c8:d2:4a:c0:04:97:6d:fa:82:
          10:a5:e7:9a:37:82:95:99:e3:d4:c2:65:1a:d0:60:
          ef:18:8a:39:6c:0a:13:9e:00:a4:bd:57:03:55:ea:
          11:33:61:29:41:99:32:9b:85:7d:76:b8:b3:99:46:
          75:33:bf:de:10:52:ce:32:69:9a:36:3d:8b:5b:d1:
          67:ff:66:ef:43:ea:8f:07:77:41:55:f5:f6:ba:6d:
          e2:8f:4e:04:e4:c7:f1:fe:3b:6c:9c:8c:b2:b5:a8:
          24:57:c8:50:eb:37:6c:ea:a4:59:d5:17:dd:31:c3:
          ee:16:df:a4:3a:56:25:ea:38:3c:ab:d2:7f:2b:73:
          7d:2e:d5:ca:ff:b9:e7:d2:d3:18:6b:60:14:f9:e8:
          03:45
        Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Key Usage: critical
        Digital Signature,DNS:www.mysite.com
      X509v3 Certificate Policies: 
        Policy: 2.23.140.1.2.1
        Policy: 1.3.6.1.4.1.44947.1.1.1
          CPS: http://cps.letsencrypt.org
          User Notice:
          Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
  Signature Algorithm: sha256WithRSAEncryption
     75:54:a8:af:38:1e:79:64:5c:89:b7:43:5f:81:fd:20:cf:83:
     41:f4:f3:4c:53:45:5c:4b:4f:52:41:22:59:76:14:eb:41:30:
     46:d2:2a:0e:e3:f8:0a:5b:03:fb:a1:77:b5:95:05:b9:cd:2e:
     4a:d7:10:c1:d4:5d:fc:92:fa:30:c3:52:e4:35:02:f8:aa:c2:
     ea:9a:a5:81:9f:1e:82:ae:d4:0f:d1:ff:ab:a2:56:66:3c:7d:
     6c:55:87:c3:88:73:03:1a:c3:35:50:0a:7c:5d:c2:e6:fe:85:
     80:29:8b:57:a2:42:4f:db:b9:d0:2e:5f:27:fb:11:bb:cf:86:
     d5:97:17:2d:80:85:11:a1:27:c8:b9:98:fd:3c:a0:6d:d8:b9:
     54:28:1c:70:ea:6c:04:bd:01:26:0c:ac:05:7d:0e:8b:cf:30:
     10:a3:06:fa:62:86:35:a4:85:bb:c8:bc:c1:d7:b1:24:a4:95:
     cb:9b:51:88:62:02:42:d0:43:b4:85:59:57:2c:19:4c:29:6c:
     56:5b:f5:8d:b2:08:29:05:b1:61:5a:4b:91:dc:d0:51:8b:a8:
     31:dc:ee:84:0a:e6:2f:84:eb:8a:f8:db:b7:ba:40:ce:12:5a:
     af:c3:26:a3:27:d2:c1:d6:48:80:d2:2a:dc:82:70:8c:0e:04:
     36:7e:d3:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISA78LZ8O99pjtZrSGEVxEIuIbMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMjkxMDMzMDBaFw0x
NzAxMjcxMDMzMDBaMBcxFTATBgNVBAMTDGhleW1vbmRheS5zZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAN0eW7gOtgbztY1VQrjR9ZH9dAP19V1ujYRH
Gdcodz1HM1C9cHq/v5f+mruvMXHb1YvcWiIRSrnAxyy6IhFSPfg1C/PY9cWjXQ9w
39YCON2nQyKyrpZ6phfecInjdBbG7usEN5lE8CwQlSEgdfmzyNJKwASXbfqCEKXn
mjeClZnj1MJlGtBg7xiKOWwKE54ApL1XA1XqETNhKUGZMpuFfXa4s5lGdTO/3hBS
zjJpmjY9i1vRZ/9m70Pqjwd3QVX19rpt4o9OBOTH8f47bJyMsrWoJFfIUOs3bOqk
WdUX3THD7hbfpDpWJeo4PKvSfytzfS7Vyv+559LTGGtgFPnoA0UCAwEAAaOCAh8w
ggIbMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2YEjpUcHM5XtZ/QceUhk72STMZYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBi
MC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIMaGV5bW9uZGF5LnNlghB3d3cuaGV5bW9uZGF5LnNlMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHVUqK84HnlkXIm3Q1+B
/SDPg0H080xTRVxLT1JBIll2FOtBMEbSKg7j+ApbA/uhd7WVBbnNLkrXEMHUXfyS
+jDDUuQ1AviqwuqapYGfHoKu1A/R/6uiVmY8fWxVh8OIcwMawzVQCnxdwub+hYAp
i1eiQk/budAuXyf7EbvPhtWXFy2AhRGhJ8i5mP08oG3YuVQoHHDqbAS9ASYMrAV9
DovPMBCjBvpihjWkhbvIvMHXsSSklcubUYhiAkLQQ7SFWVcsGUwpbFZb9Y2yCCkF
sWFaS5Hc0FGLqDHc7oQK5i+E64r427e6QM4SWq/DJqMn0sHWSIDSKtyCcIwOBDZ+
0x4=
-----END CERTIFICATE-----                                                                                                                        
[001.074]       
Certificate 3 of 3 in chain:
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number:
      03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
  Signature Algorithm: sha256WithRSAEncryption
    Issuer:
      countryName         = US
      organizationName      = Let's Encrypt
      commonName        = Let's Encrypt Authority X3
    Validity
      Not Before: Oct 29 10:33:00 2016 GMT
      Not After : Jan 27 10:33:00 2017 GMT
    Subject:
      commonName        = mysite.com
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
        Public-Key: (2048 bit)
        Modulus:
          00:dd:1e:5b:b8:0e:b6:06:f3:b5:8d:55:42:b8:d1:
          f5:91:fd:74:03:f5:f5:5d:6e:8d:84:47:19:d7:28:
          77:3d:47:33:50:bd:70:7a:bf:bf:97:fe:9a:bb:af:
          31:71:db:d5:8b:dc:5a:22:11:4a:b9:c0:c7:2c:ba:
          22:11:52:3d:f8:35:0b:f3:d8:f5:c5:a3:5d:0f:70:
          df:d6:02:38:dd:a7:43:22:b2:ae:96:7a:a6:17:de:
          70:89:e3:74:16:c6:ee:eb:04:37:99:44:f0:2c:10:
          95:21:20:75:f9:b3:c8:d2:4a:c0:04:97:6d:fa:82:
          10:a5:e7:9a:37:82:95:99:e3:d4:c2:65:1a:d0:60:
          ef:18:8a:39:6c:0a:13:9e:00:a4:bd:57:03:55:ea:
          11:33:61:29:41:99:32:9b:85:7d:76:b8:b3:99:46:
          75:33:bf:de:10:52:ce:32:69:9a:36:3d:8b:5b:d1:
          67:ff:66:ef:43:ea:8f:07:77:41:55:f5:f6:ba:6d:
          e2:8f:4e:04:e4:c7:f1:fe:3b:6c:9c:8c:b2:b5:a8:
          24:57:c8:50:eb:37:6c:ea:a4:59:d5:17:dd:31:c3:
          ee:16:df:a4:3a:56:25:ea:38:3c:ab:d2:7f:2b:73:
          7d:2e:d5:ca:ff:b9:e7:d2:d3:18:6b:60:14:f9:e8:
          03:45
        Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Key Usage: critical
        Digital Signature,DNS:www.mysite.com
      X509v3 Certificate Policies: 
        Policy: 2.23.140.1.2.1
        Policy: 1.3.6.1.4.1.44947.1.1.1
          CPS: http://cps.letsencrypt.org
          User Notice:
          Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
  Signature Algorithm: sha256WithRSAEncryption
     75:54:a8:af:38:1e:79:64:5c:89:b7:43:5f:81:fd:20:cf:83:
     41:f4:f3:4c:53:45:5c:4b:4f:52:41:22:59:76:14:eb:41:30:
     46:d2:2a:0e:e3:f8:0a:5b:03:fb:a1:77:b5:95:05:b9:cd:2e:
     4a:d7:10:c1:d4:5d:fc:92:fa:30:c3:52:e4:35:02:f8:aa:c2:
     ea:9a:a5:81:9f:1e:82:ae:d4:0f:d1:ff:ab:a2:56:66:3c:7d:
     6c:55:87:c3:88:73:03:1a:c3:35:50:0a:7c:5d:c2:e6:fe:85:
     80:29:8b:57:a2:42:4f:db:b9:d0:2e:5f:27:fb:11:bb:cf:86:
     d5:97:17:2d:80:85:11:a1:27:c8:b9:98:fd:3c:a0:6d:d8:b9:
     54:28:1c:70:ea:6c:04:bd:01:26:0c:ac:05:7d:0e:8b:cf:30:
     10:a3:06:fa:62:86:35:a4:85:bb:c8:bc:c1:d7:b1:24:a4:95:
     cb:9b:51:88:62:02:42:d0:43:b4:85:59:57:2c:19:4c:29:6c:
     56:5b:f5:8d:b2:08:29:05:b1:61:5a:4b:91:dc:d0:51:8b:a8:
     31:dc:ee:84:0a:e6:2f:84:eb:8a:f8:db:b7:ba:40:ce:12:5a:
     af:c3:26:a3:27:d2:c1:d6:48:80:d2:2a:dc:82:70:8c:0e:04:
     36:7e:d3:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISA78LZ8O99pjtZrSGEVxEIuIbMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMjkxMDMzMDBaFw0x
NzAxMjcxMDMzMDBaMBcxFTATBgNVBAMTDGhleW1vbmRheS5zZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAN0eW7gOtgbztY1VQrjR9ZH9dAP19V1ujYRH
Gdcodz1HM1C9cHq/v5f+mruvMXHb1YvcWiIRSrnAxyy6IhFSPfg1C/PY9cWjXQ9w
39YCON2nQyKyrpZ6phfecInjdBbG7usEN5lE8CwQlSEgdfmzyNJKwASXbfqCEKXn
mjeClZnj1MJlGtBg7xiKOWwKE54ApL1XA1XqETNhKUGZMpuFfXa4s5lGdTO/3hBS
zjJpmjY9i1vRZ/9m70Pqjwd3QVX19rpt4o9OBOTH8f47bJyMsrWoJFfIUOs3bOqk
WdUX3THD7hbfpDpWJeo4PKvSfytzfS7Vyv+559LTGGtgFPnoA0UCAwEAAaOCAh8w
ggIbMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2YEjpUcHM5XtZ/QceUhk72STMZYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBi
MC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIMaGV5bW9uZGF5LnNlghB3d3cuaGV5bW9uZGF5LnNlMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHVUqK84HnlkXIm3Q1+B
/SDPg0H080xTRVxLT1JBIll2FOtBMEbSKg7j+ApbA/uhd7WVBbnNLkrXEMHUXfyS
+jDDUuQ1AviqwuqapYGfHoKu1A/R/6uiVmY8fWxVh8OIcwMawzVQCnxdwub+hYAp
i1eiQk/budAuXyf7EbvPhtWXFy2AhRGhJ8i5mP08oG3YuVQoHHDqbAS9ASYMrAV9
DovPMBCjBvpihjWkhbvIvMHXsSSklcubUYhiAkLQQ7SFWVcsGUwpbFZb9Y2yCCkF
sWFaS5Hc0FGLqDHc7oQK5i+E64r427e6QM4SWq/DJqMn0sHWSIDSKtyCcIwOBDZ+
0x4=
-----END CERTIFICATE-----                                                                                                                          
[001.075]       Cert NOT VALIDATED: unable to get local issuer certificate
[001.075]       this may help: What Is An Intermediate Certificate
[001.075]       So email is encrypted but the domain is not verified
[001.075]   ssl : scheme=ldap cert=140396633026752
: identity=mail.mysite.com cn=mysite.com alt=2 mysite.com 2 www.mysite.com
[001.075]       Cert Hostname DOES NOT VERIFY (mail.mysite.com != mysite.com)
[001.076]       So email is encrypted but the host is not verified
[001.076]   ~~> EHLO checktls.com
[001.077]   ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 554.
partial `EHLO checktls.com
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 557.
written so far 19:19 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 676.
[001.197]   <~~ 250-ubuntu-512mb-fra1-01.mysite.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[001.198]       TLS successfully started on this server
[001.198]   ~~> MAIL FROM:

据我所知,问题在于证书的实施.我可以采取哪些步骤来解决这个问题?

最佳答案
看着

not using SNI because hostname is unknown

在看到测试连接的主机名之后

ubuntu-512mb-fra1-01.mysite.com

commonName = mysite.com 

**X509v3 Subject Alternative Name: 
    DNS:mysite.com,DNS:www.mysite.com**

….我注意到:CN和连接服务器主机名是不同的

其次,链中的所有证书都是相同的

     -----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISA78LZ8O99pjtZrSGEVxEIuIbMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMjkxMDMzMDBaFw0x
NzAxMjcxMDMzMDBaMBcxFTATBgNVBAMTDGhleW1vbmRheS5zZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAN0eW7gOtgbztY1VQrjR9ZH9dAP19V1ujYRH
Gdcodz1HM1C9cHq/v5f+mruvMXHb1YvcWiIRSrnAxyy6IhFSPfg1C/PY9cWjXQ9w
39YCON2nQyKyrpZ6phfecInjdBbG7usEN5lE8CwQlSEgdfmzyNJKwASXbfqCEKXn
mjeClZnj1MJlGtBg7xiKOWwKE54ApL1XA1XqETNhKUGZMpuFfXa4s5lGdTO/3hBS
zjJpmjY9i1vRZ/9m70Pqjwd3QVX19rpt4o9OBOTH8f47bJyMsrWoJFfIUOs3bOqk
WdUX3THD7hbfpDpWJeo4PKvSfytzfS7Vyv+559LTGGtgFPnoA0UCAwEAAaOCAh8w
ggIbMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2YEjpUcHM5XtZ/QceUhk72STMZYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBi
MC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIMaGV5bW9uZGF5LnNlghB3d3cuaGV5bW9uZGF5LnNlMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHVUqK84HnlkXIm3Q1+B
/SDPg0H080xTRVxLT1JBIll2FOtBMEbSKg7j+ApbA/uhd7WVBbnNLkrXEMHUXfyS
+jDDUuQ1AviqwuqapYGfHoKu1A/R/6uiVmY8fWxVh8OIcwMawzVQCnxdwub+hYAp
i1eiQk/budAuXyf7EbvPhtWXFy2AhRGhJ8i5mP08oG3YuVQoHHDqbAS9ASYMrAV9
DovPMBCjBvpihjWkhbvIvMHXsSSklcubUYhiAkLQQ7SFWVcsGUwpbFZb9Y2yCCkF
sWFaS5Hc0FGLqDHc7oQK5i+E64r427e6QM4SWq/DJqMn0sHWSIDSKtyCcIwOBDZ+
0x4=
-----END CERTIFICATE-----

这就是验证失败的原因.

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

dovecot

相关推荐

学习笔记:深入理解高性能代理服务器——Nginx
文章浏览阅读3.7k次,点赞2次,收藏5次。Nginx学习笔记一、Nginx 简介1. 什么是Nginx2. 反向代理3. 负载均衡4. 动静分离二、Nginx基本使用1. Nginx常用的操作命令2. Nginx的配置文件提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档文章目录一、Nginx 简介1. 什么是Nginx2. 反向代理3. 负载均衡4. 动静分离二、Nginx基本使用1. Nginx常用的操作命令2. Nginx的配置文件一、Nginx 简介1. 什么是Nginx  Nginx(“engine x”)是一个_nginx代理
Docker配置nginx
文章浏览阅读1.7w次,点赞14次,收藏61次。我们在使用容器的过程中需,有时候需要对容器中的文件进行修改管理,如果不做文件映射的化,我们使用docker exec -it 容器ID/容器名 /bin/bash 才能进入nginx中的文件里面如图。架设在客户机与目标主机之间,只用于代理内部网络对Internet的连接请求,客户机必须指定代理服务器,并将原本要直接发送到web服务器上的http请求发送到代理服务器中。A想要组C的房子,但是A并不认识C所以租不到,但是B认识C,A找B帮忙租到了C的房子。客户端代理服务器服务器。_docker nginx 配置
Nginx如何实现404错误自动跳转到首页
文章浏览阅读1.4k次。当用户在访问网站的过程中遇到404错误时,通常情况下应该显示一个友好的错误页面,而不是仅仅显示一个简单的错误提示。在Nginx中,可以通过配置来实现404错误自动跳转到首页的功能。如果您的网站使用动态内容生成页面(如PHP或其他服务器端语言),则应相应地修改配置以适应您的网站架构。这样,当用户访问一个不存在的页面时,Nginx会自动将其重定向到首页。为了使配置生效,需要重新加载Nginx配置。首先,需要打开Nginx的配置文件。现在,当用户访问一个不存在的页面时,Nginx会自动将其重定向到首页。_nginx 404 重定向
docker/docker-compose 部署 nginx+mysql+wordpress 实战
文章浏览阅读2.7k次。docker 和 docker-compose 部署 nginx+mysql+wordpress 实战_docker wordpress mariadb
windows下nginx的安装使用及解决80端口被占用nginx不能启动的问题
文章浏览阅读1.3k次。5:再次启动nginx,可以正常启动,可以在任务管理器中查看到nginx的进程。重新启动下 直接访问8090端口 ok 访问成功。1 :查看80端口占用情况,pid的值为3960。3:在运行中输入regedit打开注册表编辑器。2: 通过以下命令查看3960所对应的服务名称。4:找到Start,右键修改将其制改为4。_nginx80端口无法访问
【Nginx篇】Nginx轻松上手
文章浏览阅读3.1w次,点赞105次,收藏182次。高性能:Nginx 被设计为能够处理大量并发连接而不显著增加系统负担。它采用异步事件驱动的架构,可以有效地处理高流量的 Web 请求。负载均衡:Nginx 支持负载均衡,可以将请求分发到多个后端服务器,以提高网站性能和可用性。反向代理:Nginx 可以充当反向代理,将客户端请求转发到后端服务器,隐藏后端服务器的真实 IP 地址,增加安全性和可扩展性。静态文件服务:Nginx 可以高效地提供静态文件(如 HTML、CSS、JavaScript、图像等)的服务,减轻应用服务器的负担。
Nginx性能优化
文章浏览阅读976次。nginx作为常用的web代理服务器,某些场景下对于性能要求还是蛮高的,所以本片文章会基于操作系统调度以及网络通信两个角度来讨论一下Nginx性能的优化思路。我们的大学教程大部分讲述七层模型,实际上现代网络协议使用的都是四层模型,如下图,应用层报文经过四层的首部封装到对端。对端链路层拆开首部查看mac地址是自己在网上,拆开ip首部查看目的地址是不是自己,然后到达传输层应用层完成报文接收。文章是基于原有个人知识基础上,对旧知识进行巩固,以及新知识实践学习。
Nginx 轻松搞定跨域问题
文章浏览阅读5.4k次,点赞9次,收藏15次。最后再说一种情况,就是后端处理了跨域,就不需要自己在处理了(这里吐槽下,某些后端工程师自己改服务端代码解决跨域,但是又不理解其中原理,网上随便找段代码黏贴,导致响应信息可能处理不完全,如method没添加全,headers没加到点上,自己用的那个可能复制过来的并不包含实际项目所用到的,没有添加options请求返回状态码等,导致Nginx再用通用的配置就会可能报以下异常)里面的就好了,因为这里如果是预检请求直接就ruturn了,请求不会再转发到59200服务,如果也删除了,就会报和情况1一样的错误。_nginx 允许跨域
踩坑日记-nginx server_name配置多域名的坑
文章浏览阅读2.5k次。项目配置了多个域名,如下,php 代码中有获取的值。当访问a.demo.com时,其获取的值是符合预期的。但是当访问b.demo.com时,其获取的值还是a.demo.com,导致代码中的判断出现错误。_nginxservername多个域名
ingress-nginx控制器安装
文章浏览阅读1k次,点赞2次,收藏5次。采用YAML manifest的方式来安装ingress-nginx,用registry.lank8s.cn镜像库来替换 registry.k8s.io的库。_ingress-nginx安装
Windows环境下编译nginx
文章浏览阅读1.6k次,点赞2次,收藏2次。在windows平台编译nginx_windows 编译nginx
【Nginx】入门看这一篇就够啦,nginx 简介、安装、工作原理、工作方式、详解配置文件
文章浏览阅读5.8k次,点赞2次,收藏18次。nginx [engine x] 是 HTTP 和反向代理服务器、邮件代理服务器和通用 TCP/UDP 代理服务器。nginx 的特点是占有内存少,并发能力强,事实上 nginx 的并发能力确实在同类型的网页服务器中表现较好,中国大陆使用nginx网站用户有:百度、京东、新浪、网易、腾讯、淘宝等。在高连接并发的情况下,nginx是Apache服务器不错的替代品,能够支持高达50000个并发连接数的响应。使用epoll and kqueue作为开发模型。_nginx
Linux启动(systemctl start nginx)nginx服务时出现:Failed to start nginx.service: Unit not found.
文章浏览阅读2k次。Linux启动(systemctl start nginx)nginx服务时出现:Failed to start nginx.service: Unit not found._为什么nginx的systemctl start nginx.service不能使用
Nginx的反向代理
文章浏览阅读1.3k次。重启之后,打开浏览器,输入http://localhost:8900/myBaidu,这时候就会自动的跳转到百度的页面。按照我们不同的需求修改nginx文件夹中的nginx-1.16.1conf里面的nginx.conf文件。启动nginx:打开nginx的文件夹,然后双击nginx.exe文件,启动nginx。打开之后假设我们需要跳转到百度则在配置文件nginx.conf中的下面加上。1、打开任务管理器关闭nginx的进程。端口在配置文件的(下图)进行查看nginx端口。_nginx 代理百度
nginx重定向问题解决(rewrite or internal redirection cycle)
文章浏览阅读5.7k次,点赞5次,收藏3次。nginx重定向问题解决(rewrite or internal redirection cycle)_rewrite or internal redirection cycle while internally redirecting to "/inde
在 Windows 中关闭 Nginx 所有进程
文章浏览阅读1.3k次。请注意,上述命令假设 Nginx 已经在系统的 PATH 环境变量中配置。如果没有,请提供正确的 Nginx 安装路径,或者在命令中使用完整的路径来替换。将该命令与所有 Nginx 进程的 PID 一起使用,以终止所有正在运行的 Nginx 进程。此命令将启动一个新的 Nginx 进程来重新加载配置文件并重新启动服务器。使用以下命令来终止所有 Nginx 进程(使用上面的 PID 替换。的进程以及它们的 PID。打开命令提示符(CMD)。此命令将列出所有名为。选项来强制终止进程。_windows 怎么关闭nginx
如何在 Ubuntu 上安装和使用 Nginx?
文章浏览阅读2.7k次,点赞2次,收藏7次。包括 Netflix、GitHub 和 WordPress。Nginx 可以用作 Web 服务器、负载均衡器、反向代理和 HTTP 缓存等。_ubuntu安装nginx
轻松搭建短域名短链接服务系统,可选权限认证,并自动生成证书认证把nginx的http访问转换为https加密访问,完整步骤和代码
文章浏览阅读915次。轻松搭建短域名短链接服务系统,可选权限认证,并自动生成证书认证把nginx的http访问转换为https加密访问,完整步骤和代码。_nginx 短链代理
流媒体方案之Nginx——实现物联网视频监控项目
文章浏览阅读1.1k次,点赞35次,收藏24次。流媒体方案之Nginx——实现物联网视频监控项目Nginx是什么Nginx在流媒体方案中的位置软硬件准备移植编译Nginx运行Ngnix测试流媒体方案浏览器播放_nginx-rtmp-module
nginx 配置 wss 协议
文章浏览阅读1.9k次。nginx 配置 wss 协议转发 ws 服务器_nginx 配置wss
pythonJavaScriptjavaHTMLPHPreactjsC#AndroidCSSNode.jssqlrpython-3.xMysqLjQueryc++pandasFlutterangularIOSdjangolinuxswifttypescript路由器JSON路由器设置无线路由器h3c华三华三路由器设置华三路由器电脑软件教程arraysdocker软件图文教程Cvue.jslaravelspring-boot