When testing Kopano against port 993 and Thunderbird for IMAPS, you might have a lot of problems and this in the log file:
May 27 15:22:53 host kopano-gateway[655]: Unable to negotiate SSL connection with a.b.c.d:59233
The symptoms in Thunderbird are such as below:
The other symptom is the message is actually sent, but you get this super annoying popup. Also trying to work on folder in Thunderbird doesn’t work.
This problem is a convoluted mess between TLS and SSL versions on the client and what the server supports. In fact, you’ll probably encounter this on other servers like Virtualmin where things aren’t set up properly.
This issue is discussed at length here on the Kopano forum, but as with some other forums it’s really hard to deduce what on earth to do. It’s just too complex with too many people chiming in.
https://forum.kopano.io/topic/2886/ssl-negotiation-failures-with-tlsv1-and-tlsv1-3-against-gateway-ical-on-debian-10/4
https://help.univention.com/t/mailclient-wont-connect-to-kopano/16042/18
Basically you have to examine your server and the certificate that is relayed back on port 993 to the clients. Here is a great command to see if things look intact:
curl –insecure -v imaps://hostname.host-example.com –user “[email protected]”
This will give a very verbose output of not only what certificate is used, but also path and hostnames.
Next look here:
ls -lah
lrwxrwxrwx 1 root root 53 Jun 11 2022 cert.pem -> /etc/letsencrypt/live/host.example.com/cert.pem
lrwxrwxrwx 1 root root 56 Jun 11 2022 privkey.pem -> /etc/letsencrypt/live/host.example.com/privkey.pem
If you run this command and you get:
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
root@host:~# grep -Ei ‘ISRG Root|DST Root|R3’ /etc/ssl/certs/ca-certificates.crt | grep ‘#’
Finally, after linked to the right place, remember this:
root@host:/etc/ssl/certs# chmod 755 /etc/letsencrypt/live/ -R
root@host:/etc/ssl/certs# chmod 755 /etc/letsencrypt/archive/ -R