Mail.purevelvet.design reports "Certificate expired"

mail.purevelvet.design reports in Thunderbird “Remote station certificate has expired”
Can someone please help me to get it to work again?

Would somebody be so kind as to help me get the DNS records managed?

Kind regards
André

This is an SSL certificate on your origin server that hosts your mail. You will want to update that cert on your server or have your hosting provider do it, depending on the service / plan they provide you.

Thank you, but Certificate for purevelvet.design in PLESK is valid until 14.10.21.

Kind regards

André Schröder

As we have discussed, there is an issue with SSL certificate under purevelvet.design domain, namely its mail subdomain shows as insecure.

In the chat, we have found the following error message during the SSL certificate check with openssl tool:

openssl s_client -showcerts -servername mail.purevelvet.design -connect mail.purevelvet.design:25

CONNECTED(00000003)

139846789420872:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 278 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE

openssl s_client -showcerts -connect purevelvet.design:443

CONNECTED(00000003)

140398007535432:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 247 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE

The error message “Secure Renegotiation IS NOT supported” points to the fact that the root cause of the issue with the certificate lies on the Cloudflare side, namely there is some misconfiguration on their side.

In order to fix the issue, please contact Cloudflare support. Here’s a direct link: Cloudflare Help Center

Please let me draw your attention to the fact that Plesk does not manage the Cloudflare dashboard or any Cloudflare settings, and thus only their support can help with their product. Also, please feel free to transfer all of our findings to their support.

If you have additional questions, please let me know. I will be glad to answer you.

Best Regards,

Alex Davydov
Technical Support Engineer
Plesk

Cloudflare has absolutely nothing to do with Email SSL.

That’s not an error message. It’s just saying you can’t change encryption after establishing a secure connection. It’s an attack vector that Cloudflare has disabled.

mail.purevelvet.design was not a proxied record by Cloudflare when this error message occurred. Change the record back to :grey: from :orange: as Cloudflare doesn’t proxy SMTP, IMAP or POP3. Once done, it’s an error from your origin server as it was before and you can test again based on whatever is configured in your mail client.

Thank you very much @cs-cf!
I changed it back.
But my domain is fully secured.
What do I have to do now to get SSL to work again for mail.purevelvet.design?

Now that it points directly to your origin you need to resolve whatever certificate problem exists on your origin for Thunderbird. Unfortunately I don’t know anything about Thunderbird, but when the error was occurring Cloudflare wasn’t involved in the SSL communication. If the error still persists then your host or ISP should look at your mail value now for whatever values you have specified in your Thunderbird client which are resulting in an error.

Thank you, but I have my own Cloud-Server with PLESK.
The problem popped up today; before that, everything was fine.
I changed nothing.

I changed SSL to flexible? Now secured by Cloudflare SSL? But E-Mail issue is the same. Any other tips or what to do?

Then you currently have a security issue.


It secures also wildcard Domains, also mail.purevelvet.design?
I don’t really know what’s wrong here.

I got it working. There was a Nameserver Entry missing for the Let’s Encrypt _acme-challenge value.
Thank you all for your help & support!

Kind regards
André
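
An added example, not posted by anyone in this thread: SMTP on port 25 starts in plaintext and only switches to TLS after STARTTLS, so a check of the mail certificate has to issue STARTTLS first (with openssl, the `-starttls smtp` option). The sketch below does that and reports how long the certificate the mail service actually presents is still valid; `mail.example.org`, the port list and the 14-day warning threshold are assumptions.

```python
#!/usr/bin/env python3
"""Check a mail server's TLS certificate expiry (added example; hostname is a placeholder)."""
import smtplib
import socket
import ssl
import sys
from datetime import datetime, timezone

STARTTLS_PORTS = (25, 587)  # SMTP speaks plaintext first; TLS begins only after STARTTLS

def days_left(not_after, now=None):
    """Whole days until an OpenSSL-style notAfter string; negative once expired."""
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days

def classify(not_after, now=None, warn_days=14):
    """Map a notAfter string to EXPIRED, RENEW SOON or OK."""
    left = days_left(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW SOON" if left < warn_days else "OK"

def peer_cert(host, port):
    """Return the verified peer certificate as a dict."""
    ctx = ssl.create_default_context()
    if port in STARTTLS_PORTS:
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.starttls(context=ctx)  # upgrade the plaintext session to TLS
            return smtp.sock.getpeercert()
    # Implicit TLS (e.g. 465, 993, 995, 443): the handshake starts immediately
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def check(host, port):
    """One-line status for host:port, including the verification failure reason."""
    try:
        cert = peer_cert(host, port)
    except ssl.SSLCertVerificationError as exc:
        return f"{host}:{port} verification failed: {exc.verify_message}"
    except (OSError, smtplib.SMTPException) as exc:
        return f"{host}:{port} connection problem: {exc}"
    return f"{host}:{port} {classify(cert['notAfter'])} (notAfter {cert['notAfter']})"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"  # placeholder host
    for port in (25, 465, 587, 993):
        print(check(host, port))
```

Run on a schedule, this surfaces a failed automatic renewal as RENEW SOON while the old certificate is still valid, before mail clients start rejecting it.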
