[sylpheed:37025] Re: Letsencrypt certificates issue

Mon Oct 4 10:28:51 JST 2021

So should those of us using Windows that are not so adept at the ins
and outs of the program replace our certs file now, whether or not
we're having a problem? thanks,

Gene

On Sat, 2 Oct 2021 15:39:35 +0200
Walter Alejandro Iglesias <roquesor at gmail.com> wrote:

> Hello Sylpheed users,
> 
> I sent the messages below to Hiroyuki, he didn't answered, so I
> thought a heads up here could be useful to someone.  If it happens
> you access a smtp pop or imap server that uses letsencrypt
> certificates from a win-32 version of Sylpheed you surely ran into
> this problem from September 30 onwards.
> 
> Take in mind that at some point I'll remove the certs.crt file I
> share in the last link below (in my server), anyways, as it is
> explained in the messages below you just have to remove the following
> chain from the certs.crt file used by Sylpheed:
> 
> $ cat /etc/ssl/certs/DST_Root_CA_X3.pem
> -----BEGIN CERTIFICATE-----
> MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
> MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
> DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
> PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
> Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
> AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
> rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
> OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
> xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
> 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
> aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
> HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
> SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
> ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
> AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
> R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
> JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
> Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
> -----END CERTIFICATE-----
> 
> 
> ----- Forwarded message from Walter Alejandro Iglesias
> <wai at roquesor.com> -----
> 
> Date: Fri, 1 Oct 2021 10:07:44 +0200
> From: Walter Alejandro Iglesias <wai at roquesor.com>
> To: Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>
> User-Agent: Mutt/1.10.1 (2018-07-13)
> Subject: I found a solution
> 
> Hi again,
> 
> On Thu, Sep 30, 2021 at 10:15:03PM +0200, Walter Alejandro Iglesias
> wrote:
> > Hello Hiroyuki,
> > 
> > In case you still maintain Sylpheed.  About this issue:
> > 
> >  https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
> > 
> > I use Letsencrypt certs with sendmail and dovecot in my home
> > server, and I make my wife use Sylpheed (the last decent GUIed MUA
> > out there!) in her Windows 10 desktop.  Unfortunately, after
> > working without problems for years, the last September 30, Sylpheed
> > (only under Windows) started to popping out a message on each SSL
> > connection to the server complaining about Letsencrypt certs are
> > outdated (they're not).
> > 
> > I've tried copying the last ca-certificates.crt that comes with
> > Debian (which includes the ISRG_Root_X1 cert mentioned in the
> > article above) to the Windows ../Sylpheed/etc/ssl/certs folder, but
> > that didn't make the trick.  Is there some way to solve this issue?
> 
> I found this article:
> 
>   https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4?gi=241a8c4c15da
> 
> Based on what's explained there I *guess* the Win version of Sylpheed
> is currently using outdated openssl libraries.  So, I tried the same
> CentOS workaround, I removed the "DST Root CA X3" chain from Sylpheed
> certs.crt, that *solved* the Letsencrypt certs problem.  Here's the
> file:
> 
>   https://en.roquesor.com/Downloads/certs.crt
> 
> (Latest ca-certificates.crt in my Debian system with the DST Root CA
> X3 chain removed.)
> 
> 
> Greetings,
> 
> 
> 	Walter
> 
> 
> 
> ----- End forwarded message -----