Kopano errors on port 993 for IMAP prominent using Thunderbird

When testing Kopano against port 993 and Thunderbird for IMAPS, you might have a lot of problems and this in the log file:

May 27 15:22:53 host kopano-gateway[655]: Unable to negotiate SSL connection with a.b.c.d:59233

The symptoms in Thunderbird are such as below:

The other symptom is the message is actually sent, but you get this super annoying popup. Also trying to work on folder in Thunderbird doesn’t work.

This problem is a convoluted mess between TLS and SSL versions on the client and what the server supports. In fact, you’ll probably encounter this on other servers like Virtualmin where things aren’t set up properly.

This issue is discussed at length here on the Kopano forum, but as with some other forums it’s really hard to deduce what on earth to do. It’s just too complex with too many people chiming in.



Basically you have to examine your server and the certificate that is relayed back on port 993 to the clients. Here is a great command to see if things look intact:

curl –insecure -v imaps://hostname.host-example.com –user “[email protected]

This will give a very verbose output of not only what certificate is used, but also path and hostnames.

Next look here:

ls -lah

lrwxrwxrwx 1 root root   53 Jun 11  2022 cert.pem -> /etc/letsencrypt/live/host.example.com/cert.pem

lrwxrwxrwx 1 root root   56 Jun 11  2022 privkey.pem -> /etc/letsencrypt/live/host.example.com/privkey.pem

If you run this command and you get:

*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

root@host:~# grep -Ei ‘ISRG Root|DST Root|R3’ /etc/ssl/certs/ca-certificates.crt | grep ‘#’

Finally, after linked to the right place, remember this:

root@host:/etc/ssl/certs# chmod 755 /etc/letsencrypt/live/ -R
root@host:/etc/ssl/certs# chmod 755 /etc/letsencrypt/archive/ -R



Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top