K-9 Mail letsencrypt certificate error

Support
1

Hey guys!

I am trying to connect to my email “git@pierrefhapp.dev”. I can connect to it without any issues on my thunderbird desktop client. But on k-9mail i get an error with bad certificate.

  • Android 10
  • LineageOS 17.1 with microG
  • K-9 Mail version 5.733 from 26/03/2021 from f-droid

Steps:

  • open k-9 mail
  • add new email account
  • type git@pierrefhapp.dev with any password
  • next
  • choose imap
  • next

Error:

k-9-mail-error
k-9-mail-error1080×2280 261 KB

  • Can anyone verify that I fucked up with the certificates? I thought it is working just fine. If i am testing my sent message against some spam filter testing I also get 10/10 raiting.
  • Or does someone have a tip on how to fix this?

greetings

2

The issue was within my android. It did not include the certificate for R3 Letsencrypt.
I did download it from here Chain of Trust - Let's Encrypt
and installed it following more or less this guide:
Installing a new trusted SSL root certificate on Android

sorry for the spam

3

The problem is that your mail server doesn’t include the R3 intermediate certificate in its certificate chain. Android (and really all other OSes) only know about the Let’s encrypt root certificate. It’s the job of servers to provide all certificates in the chain (except for the root certificate) in the TLS handshake. Check your server configuration.

4

Had the same problem.
Could solve it with the description given above.

in detail:
I use Dovemail as IMAP-Server and acme.sh as script for letsencrypt on debian:
all I have to do is to configure the ca in /etc/dovecot/conf.d/10-ssl.conf:
Parameter ssl_ca points to the file where the fullchain.cer file for the given letsencrypt-certificate is stored.